Spearphishing – The Hack of Choice

November 30, 2012

Our friends at Trend Micro have just released a study called “Spear-Phishing Email: Most Favored APT Attack Bait” discussing the methods used to infiltrate systems in APT – Advanced Persistent Attacks.  The findings?  91% of targeted attacks arrive via email.   Spearphishing emails deliver their malware using three different delivery methods:

  1. Malicious Attachments, which, when opened, install malware
  2. Malicious Links, which, when clicked and followed, install malware
  3. Other Methods, such as instructions to visit a website or call a telephone number.

Of these methods, the overwhelming favorite used by attackers was malicious attachments.

[Chart: attachments. Source: Trend Micro]

In addition to revealing the tactics used in APT, Trend Micro also investigated the intended victims.

[Chart: targets. Source: Trend Micro]

Spearphishers deceive by masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext 3 or use our online form.


Did the US Cyberspy on France?

November 26, 2012

It is being widely reported that France is accusing the US of cyberespionage.  Techspot reports the details of how the spies were able to infiltrate the computers of President Sarkozy’s advisors to steal information.

In order to pull off the attack, the hackers leveraged their social engineering skills. First, they used Facebook to identify individuals close to Sarkozy and his team. Those hackers then crafted a bogus yet effectively indistinguishable clone of Elysee Palace’s website and sent phishing emails to lure Sarkozy’s advisers into logging on. When Sarkozy’s trusted cohorts attempted to log on to the fake page, hackers recorded their passwords and subsequently used them to access the real palace website.

L’Express provides more details and a graphic that summarizes the attack.

This is not the first time that fake emails have compromised the French government. The French Finance Ministry was compromised last year. Of course, the US is not immune from such attacks — as demonstrated by the recent attack on the White House.



2013 Security Threats — Websense

November 16, 2012

Websense has released a comprehensive prediction of the security threats for the coming year. We recommend that anyone interested in the evolving threats and tactics being used to attack systems should read this comprehensive report.

Because Iconix is an email security company, we focused on the email predictions.  Websense predicts that email will continue to be a favorite means of attack. For consumers, this means more deceptive emails that leverage important recurring events (tax time, elections, etc.), current events and clever trickery to lure people into giving up money or credentials.  On the enterprise side, spearphishing will be used to deliver more technically advanced malware that evades detection. Websense provides this foreboding warning:

There are a number of other reasons behind the CSOs’ concern about spear-phishing. For example, most security solutions are designed around a “sacrificial lamb” model where some user, somewhere, must become the first victim. Even behavioral and next-gen technology lacks enough information in the early stages to tell if the “result” will be bad, so they have to wait for something “bad” to happen. Only then do they evaluate the events that led up to the first breach. For normal mass-market threats, the chance that someone in your own organization will be the first victim is small. For a spear-phishing attack, it is 100 percent.

At Iconix, we don’t subscribe to the sacrificial lamb model. We believe that prevention is an important layer in the multi-layer defensive strategy. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. You can contact us at 408-727-6342, ext 3 or use our online form.


Cyber-Industrial Espionage Growing – Investors Don’t Know

November 6, 2012

In a story entitled Coke Gets Hacked and Doesn’t Tell Anyone, Bloomberg reports on the growing problem of cyber industrial espionage undermining the value of companies.  The article illustrates the central role of spearphishing in cyber-industrial espionage:

The Coca-Cola report provides a rare and chilling account of the intricate and determined ways that hackers raided its files — from pilfering internal e-mails to gaining the ability to access almost any Microsoft (MSFT) Windows server, work station or laptop on the network with full remote control.

Computer hackers made daily incursions through Coca-Cola networks over a period of at least one month, often using systems that were first compromised by infected e-mails sent to company executives. The messages were disguised to look authentic but actually contained malicious software, or malware, that gave intruders a pipeline into the company’s networks, according to the report.

Once inside, the hackers struck quickly. In the first two days, they uploaded a dozen tools allowing them to steal e-mails and documents, installed a keystroke logger on the machine of a top executive in Hong Kong, and stole computer account passwords for other Coca-Cola employees, including those with administrative powers, to help them move freely across the company’s network, according to the report.

The article discusses several other attacks, including one revealed by MI5 which cost an undisclosed company $1.3 billion (see paragraph 26).

Bloomberg has posted an extensive interview with Jacob Olcott of Good Harbor Consulting regarding cyber-industrial espionage.


Jacob Olcott Discusses Cyber-Industrial Espionage
