India Cyberattacks Pakistan — Using Spearphishing

November 24, 2015

A recent article posted at techviral describes how Indian cyberattackers are using spearphishing to attack Pakistani and UAE websites. The post discusses how the Indian hacking groups called the Shakti Campaign and the VVV use deceptive emails to gain control of targeted computers.

Learn more at our new blog.

Bad Guys Are Smart

November 13, 2015

On November 10, 2015, the Justice Department announced the indictment of four men for a “hacking,” securities fraud, and other crimes. In announcing the indictments, Manhattan U.S. Attorney Preet Bharara said, “The charged crimes showcase a brave new world of hacking for profit. It is no longer hacking merely for a quick payout, but hacking to support a diversified criminal conglomerate. This was hacking as a business model.”

computer spy

The indictment alleges that the conspirators used servers in Egypt, the Czech Republic, South Africa, Brazil and other countries as a launchpad to attack some of the largest financial firms based in the U.S. The indictment alleges that the defendants “hacked” networks, stole customer data about tens of millions of people and used the stolen data to run a massive stock manipulation scheme. But making millions of dollars from stock fraud wasn’t enough — so, it is alleged, the conspirators also ran other criminal businesses including Internet gambling, malware distribution, bogus online products businesses, and an illegal Bitcoin exchange.

Learn more at our new blog.

Spearphishing Solution – Prosecute Victims

November 2, 2015

In a recent Wall Street Journal interview, Adm. Mike Rogers, the Director of the NSA, suggested that people who fall for spearphishing attacks, such as the four people who compromised the Joint Staff, should be subject to court-martial.


Will this work?  Learn more at our new blog.

IA Director and Homeland Security Secretary Hacked – No Malware Needed

October 19, 2015

The FBI and Secret Service are investigating reports that the private email accounts of CIA Director John Brennan and Homeland Security Secretary Jeh Johnson were “hacked.”

cnn reports

So, how did the hacker do it?  Hacking is malware, right? This case demonstrates that hacking is not malware.  Hacking is the theft of credentials.  Credentials can be stolen with malware. However, credentials can be stolen in other ways. This hacker is talking to the press. He told The New York Post that the way he stole the credentials was “social engineering.” Rather than attacking systems, social engineering manipulates people.

Learn more at our new blog.

Compromise Monday – Now What?

October 5, 2015

Last week saw an inauspicious beginning to Cybersecurity Awareness Month with user data compromises announced at:

  • The American Banker Association, number undisclosed
  • T-Mobile, 15 million, over 2 years ending Sept. 16, 2015
  • Scottrade, 4.6 million during late 2013 and early 2014
  • Patreon, the crowdsourcing website, 2.3 million users


Now you are aware of Cybersecurity. What next?  You can’t fix your vendors. Learn more about protecting yourself at our new blog.

Chinese Hacking Secrets Revealed

September 25, 2015

The secret behind Chinese hacking has been revealed by ThreatConnect. CNN Money reports:

The hackers’ techniques don’t sound very sophisticated: They send innocent-looking emails to unsuspecting recipients, whose computers then get infected with malware that trawls for sensitive information.

This graphic from ThreatConnect shows the key role played by spearphishing.


Source: ThreatConnect

This simple technique is devastatingly effective because it is easy to create an email that deceives users into taking the actions desired by the attackers. In its September 24, 2015 first page story, “Sleuths Link Hacker to China’s Military,” the Wall Street Journal describes how a spearphishing email works. The Wall Street Journalwrites,

The email attachment would tempt anyone following the diplomatic standoff between China and other countries in the South China Sea.

How can you help your users fight being deceived? Use SP Guard from Iconix. SP Guard lets IT quickly and easily tell users which senders are trusted.

Iconix Issued Seventh U.S. Patent For Email

September 24, 2015

ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix’s seventh patent titled “User interface for email inbox to call attention differently to different classes of email.” The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: “Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.”


Learn more at our new blog.


Get every new post delivered to your Inbox.