Stratfor — The Other Shoe Drops

Just before Christmas 2011, Stratfor was hacked by Anonymous.
The means of that attack are unknown.

Government Computer News is now reporting that the stolen Stratfor data are being used to send deceptive targeted emails to government email addresses. Microsoft has published technical details of the attack, including this sample fake email:

The fake email delivers a malicious attachment in the form of a pdf file with a virus.  Microsoft elaborated on the attack:

The link displayed in the emails appears legitimate at first glance, but looking closely at the target address, you notice that it doesn’t originate from the address in the email text. Stratfor is based in Texas, United States however the download URL is located somewhere in Turkey. A sample of another PDF file contained a download link for yet another compromised site, this time in Poland.

Microsoft researchers may notice the subtle difference between real and fake link addresses.  Most people will not.  People need a tool that allows them to effectively process a lot of email quickly.  Such a tool is available now from Iconix. That tool is SP Guard.

SP Guard Inbox

SP Guard provides the recipient with three confirmations that a message is real:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard now offers a fraud filtering enhancement.  This additional protection is becoming increasingly important given the latest generation of highly targeted spear-phishing emails which are so well crafted that users cannot tell real from fake.

SP Guard is available now from Iconix.  For further information, contact us at 408-727-6342, ext 3 or use our online form.


Comments are closed.