Verizon Discovers – Human Phishing Sensors

May 6, 2015

Verizon has released its Verizon 2015 Data Breach Investigations Report. We created this infographic from the report:

verizon 2015 dbir

Learn more at our new blog.


RSA 2015 – Lessons from 1919

April 24, 2015

We attended the RSA Conference in San Francisco this week.  There were two giant convention halls filled with latest in information security.  In addition to the in-booth presentations, there were continuous presentations and panels discussing security.  Jeh Johnson, the Secretary of the Department of Homeland Security, was a keynote speaker. Yet, in this sea of the new, the most interesting thing was something patented almost a century ago. In the NSA’s booth (yes, that NSA) was this:

Enigma

A wooden box about the size of a toaster oven — an Enigma machine.  Learn more at our new blog.


APT30 – Decades Long Cyberattack

April 17, 2015

This week, FireEye released their latest APT report – APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation.  The sub-title summarizes the findings: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade.

What are the surprises in APT30? There are no surprises in APT30.  The bad guys engage in anti-forensics to avoid detection. APT30 tells us that the bad guys use spearphishing to make their initial infiltration:

APT30 LEVERAGES MAJOR POLITICAL TRANSITION AS PHISHING LURE CONTENT IN CAMPAIGN GEARED TO KEY POLITICAL STAKEHOLDERS

This is a sample of the lures used to trick users into compromising their systems:

APT30 Phishing Lure

Source: FireEye APT30

Learn more at our new blog.


Russians Access President’s Schedule

April 8, 2015

Russian hackers used compromised systems at the Executive Office of the President to access the President’s schedule.

Obama and tablet

How could Russian hackers get to the President’s schedule? Learn how at our new blog.


Cybersecurity Is No Joke – It Is A National Emergency

April 3, 2015

On April Fools’ Day President Obama issued an executive order entitled, “BLOCKING THE PROPERTY OF CERTAIN PERSONS ENGAGING IN SIGNIFICANT MALICIOUS CYBER-ENABLED ACTIVITIES.” This was not an April Fools’ prank.

Obama Cyber Briefing

Learn more at our new blog.


Spearphishing and Cyberterrorism

March 27, 2015

Writing in TechCrunch, Tom Chapman, director of cyber operations of Edgewave, describes how terrorists can apply the same techniques used against Anthem, Sony and many others to engage in cyberterrorism.

cyber terrorists

What could these technique be? Spearphishing. Learn more at our new blog.


11 Million Health Records Compromised With Deceptive Spelling

March 18, 2015

Premera, a leading health insurance company, has suffered a cyber breach impacting 11 million people. The company’s announcement says it has been the victim of a “sophisticated cyberattack.”

premera

What could this sophisticated attack have been?  Learn more at our new blog.


Follow

Get every new post delivered to your Inbox.