New Blog Location

June 20, 2013

We recently revised our website.  Our blog is now integrated into our website.  You can find our blog at:

http://sp-guard.azurewebsites.net/index.php/blog/

We appreciate your loyal readership and hope that you will continue to read our blog at its new location.


Constant Improvement — For Malware

June 14, 2013

In the on-going battle between malware makers and security vendors, the malware makers are taking a page from the book of legitimate developers and are using QA to test their products to be sure the products are effective.  Unfortunately, in this case effective means effective in evading the tools designed to protect systems.

Dancho Danchev, writing in the Webroot Threat Blog in a posting entitled "How cybercriminals apply Quality Assurance (QA) to their malware campaigns before launching them," describes online cyber crime tools that have been used by hackers since 2009. This is a screenshot from one of these online development tools.

[Image: screenshot of a multiple-antivirus-scanner desktop tool]

Dancho reports that these online tools are now appearing as desktop solutions for hackers who don’t want to expose their work online. Dancho warns,

The existence of this service, and the community that’s apparently orbiting around it, greatly reminds us of the limitations of signatures-based antivirus scanning in 2013. Thanks to commercially available DIY malware crypting services, commercially available undetected DIY malware generating tools, as well as managed malware/ransomware services taking care of the detection process, cybercriminals are perfectly positioned to capitalize on the users’ false feeling of security and lack of situational awareness on the whole infection process.

Better malware means two things for the enterprise. First, as Dancho observes, it means a need for better situational awareness. It also means a need for better prevention. With spearphishing being the infiltration method of choice, enterprises need to prevent that exploit with a real spearphishing defense.

Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.


China Read McCain’s Mail – Before He Sent It

June 13, 2013

NBC News is reporting that the 2008 Presidential Campaigns of Barack Obama and John McCain were spied upon by the Chinese.


NBC is reporting that the espionage conducted against the campaigns of the two candidates was far more extensive than was disclosed to the public at the time.

In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S.–Taiwanese relationship and Ma’s efforts to modernize the country’s military. A copy of the letter has been obtained by NBC News.

But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. “He was putting me on notice that they knew this was going on,” said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy. “It certainly struck me as odd that they would be so well-informed.”

How could this have happened?  As a loyal reader of this blog, you know the answer.  Spearphishing.

Spearphishing is successful because it targets the people who use the systems, not the systems themselves. At Iconix, our goal is to make this threat vector less effective. Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.



NetTraveler Isn’t Traveler

June 5, 2013

For fans of intercollegiate football, the name Traveler means one thing — the USC Trojans mascot.

[Image: Traveler, the USC Trojans mascot]

NetTraveler is a horse of a different color — a trojan horse that is focused on stealing information. Kaspersky just reported its discovery of NetTraveler, malware that establishes Command & Control (C&C) servers on victims’ machines for the purpose of stealing information. NetTraveler has been quietly stealing information since 2004. Kaspersky calculates that there are over 22 gigabytes of stolen data on the NetTraveler C&C servers. Kaspersky observed that 22 gigabytes is only a small fraction of what was stolen because Kaspersky was unable to see what was previously downloaded and deleted from the C&C servers. NetTraveler has been stealing information related to aerospace, nanotechnology, nuclear power cells, lasers, drilling, manufacturing in extreme conditions, and radio wave weapons. This is the worldwide scope of the attacks:

[Image: worldwide scope of the NetTraveler attacks]

How were these systems compromised? Spearphishing. Socially engineered emails were sent to targeted individuals with malicious Word attachments. When the attachment was opened, the C&C software was installed. Training materials uncovered by Kaspersky show that the attackers were paid bounty hunters — being paid for the systems they successfully compromised. The network of hackers using these attack tools is known to have over 80,000 members.

Spearphishing is successful because it targets the people who use the systems, not the systems themselves. At Iconix, our goal is to make this threat vector less effective. Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

