Most Feared Cyberattack – Spearphishing

April 27, 2012

Bit9 recently released its 2012 Bit9 Cyber Security Research Report.

The report contains a survey of IT and security professionals which asks, “What method of cyber attack are you most worried about?” The answer — spearphishing, with almost half of respondents identifying spearphishing as the threat that most concerns them.

SP Guard from Iconix provides your staff with the ability to distinguish real email from spearphishing attacks. Click here to learn more.


Spearphishing Example – Spoofing FireEye

April 20, 2012

Hackers seeking to steal confidential information from Tibetan activists are using spearphishing emails to infiltrate systems. Spearphishing occurs when hackers use socially engineered emails in order to deceive targeted email recipients into compromising their systems.

In a textbook example of spearphishing, reported by The Hacker News, hackers are pretending to send emails from the trusted security company FireEye. This is an example of one of those fake FireEye emails:

In order to prevent social engineering from deceiving the email recipient, SP Guard from Iconix modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking its internal messages as well as those from trusted partners such as its law firm. Note especially that the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:

SP Guard Inbox

SP Guard provides the email recipient with three easy-to-recognize confirmations that a message is really an internal email or from a trusted counterpart:

  1. List View. There is an integrity indicator in the list view of the email client.
  2. Message. The open message has a further indicator of authenticity.
  3. Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.

SP Guard is available now from Iconix.  For further information, contact us at 408-727-6342, ext 3 or use our online form.


Spearphishing Attack Exploits Spearphishing News

April 13, 2012

Hackers use socially engineered emails in order to deceive targeted email recipients into compromising their systems.

In order for a socially engineered email to deceive, it must contain a call to action that is compelling to the recipient. A current attack on Tibetan organizations demonstrates how clever hackers are able to use the news — even news that discloses attacks — to create a compelling call to action.

Two weeks ago, SC Magazine reported that hackers in China were sending highly targeted emails to organizations in Tibet. The spearphishing message used a Tibetan religious festival as the call to action. The email had a PDF attachment that installed malware, a variant of the GhostRAT command and control APT. The attack was discovered and reported by security experts at AlienVault.

This week, SC Magazine is reporting that the hackers are sending socially engineered emails which claim to be from AlienVault. These fake AlienVault emails demonstrate the opportunistic nature of social engineering. The hackers are exploiting the news of their own attacks by masquerading as AlienVault.

The emails were sent from ‘admin@alienvault.com’ with a subject line of “Targeted attacks against Tibet organisations” and contain a malicious payload that loads a Java applet, which exploits CVE-2011-3544.



An Ounce of Prevention Against APT

April 5, 2012

Antivirus software does not work against Advanced Persistent Threats. In the realm of Advanced Persistent Threats, the malware is targeted and designed for each intended victim.

The attackers are hard at work creating new malware. According to Bit9:

Furthermore, AV signature-based libraries are growing at 50,000 a day, with current libraries anywhere from 6 to 20 million signatures. At this pace, basing endpoint security solely on AV libraries is unsustainable in terms of sheer volume and efficient endpoint scanning – as well as a drain on IT resources. Some AV vendors now recommend downloading selective signature packs, belying the scalability problem. But more important is currency:
No endpoint security paradigm looking for known malware can detect the not-yet-known, dynamically changing, advanced threat.

In its Second Annual Cost of Cybercrime Study, Ponemon Institute summarized the time it takes to resolve different categories of cyberattack:

Ponemon Institute noted in footnote 12 of the report that the classifications are not independent. It has been clearly established that one of the most effective ways to introduce malicious code into an organization is phishing.

Ponemon Institute estimated the cost of an unresolved cyberattack at $22,986 per day. At Iconix we agree with Bit9 and Ponemon on the importance of technologies that permit rapid detection of attacks so that the damage can be limited. However, as the old saying goes, an ounce of prevention is worth a pound of cure. How do you prevent hackers from deceiving employees with highly targeted socially engineered emails?

In order to prevent social engineering from deceiving the email recipient, SP Guard from Iconix modifies the email client’s display to provide a visual indicator of the identity of the sender of email. This is an example from Outlook, the popular business email client, in which a company called “MyCo” is marking its internal messages as well as those from trusted partners such as its law firm. Note especially that the last message, though seemingly benign, is a spear-phishing message and is not marked as authentic:



Global APT Threats

April 2, 2012

Our friends at Trend Micro have released a research report and an infographic that shows the global reach of espionage networks that use spearphishing to infiltrate computer networks. A spearphishing message is a malicious email, targeted to the recipient, that encourages the recipient to take an action that will compromise his system. Trend Micro summarizes the problem:

The number of targeted attacks has dramatically increased. Unlike largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, targeted attacks noticeably differ and are better characterized as “cyber espionage.” Highly targeted attacks are computer intrusions threat actors stage in order to aggressively pursue and compromise specific targets, often leveraging social engineering, in order to maintain persistent presence within the victim’s network so they can move laterally and extract sensitive information.

This infographic provides a visual overview of the problem:
