2011 – The year of spear phishing And spear phishing
November 17, 2011 by Aaron Higbee in PhishingAn odd title for a blog post but something that has been on my mind for a while now. We get a fair amount media requests for comments or perspective on phishing stories. This is a good thing. It’s nice to have recognition in your field. Of course 2011 was no shortage of phishing related news. (What’s up RSA, I’m looking at you. I’ve noticed you frequent our website a lot. How about a demo. Couldn’t hurt?)
Spear Phishing with Password Protected Zip Files
November 1, 2011 by Cofense in PhishingThe Slashdot headline this morning reads: Spear Phishing Campaign Hits Dozens of Chemical, Defense Firms What is it about? Simple, the poison ivy trojan wrapped in a password protected ZIP file so it can get past filtering. Symantec has an excellent analysis of these attacks in a paper titled: The Nitro Attacks: Stealing Secrets from the Chemical Industry by Eric Chien and Gavin O’Gorman. You can read the entire paper here. “The most recent attacks focusing on the chemical industry are using password-protected 7zip files which, when extracted, contain a self-extracting executable. The password to extract the 7zip file is included in...
Current events: How news exposes your company to spear phishing attacks
October 11, 2011 by Cofense in PhishingLike many high-profile events, the passing of Apple’s co-founder and former CEO, Steve Jobs, has initiated a slew of new phishing attacks that are designed to play on recipients’ emotions about the event. Steve Jobs and Apple themed phishing campaigns are in the wild but more concerning are the spear phishing attacks targeting iPhone users. PhishMe understands how these events can adversely affect our customers therefore we have released a new phishing simulation theme designed to train susceptible users on how to identify and avoid current event based attacks. -Scott
User Awareness: A Growing Concern Among Organizations
September 6, 2011 by Cofense in Internet Security AwarenessPhishing has always been a challenge for companies, but in recent months high profile breaches have cast a bright light on a more pressing aspect of the phishing threat – user awareness; or the lack there of! The reason phishing attacks are so effective is because most employees have a basic level of phishing awareness. Companies attending recent events such as Black Hat and SANSFIRE, reiterate a common theme; “we need more effective ways to increase our employees’ awareness to help minimize the success of phishing attacks.” Once thought of as a threat that could be mitigated simply by an...
Spear Phishing Impersonators: Beware of familiar names from free email services
July 29, 2011 by Cofense in PhishingThere is a common spear phishing tactic that we help our PhishMe customers combat, and that is attackers using familiar names with fake free webmail accounts. The attacker wants to break into Widget, Inc. The first thing they do is research Widget, Inc., looking business units who may have access to the information assets they are targeting. Once they have picked their target, they need familiar names to make their spear phish more enticing to the eventual victim. They will pick a real name inside of Widget, Inc, that will serve as the From: line of the spear phishing email. Sometimes...
Machines v/s Humans: Who Do You Think Is More Intelligent?
June 9, 2011 by Cofense in Cyber Incident ResponseThreat IntelligenceAs the barrage of security breaches continues, Citigroup is the latest victim. This eWeek article: http://www.eweek.com/c/a/Security/Citigroup-Credit-Card-Portal-Breach-Compromises-200000-Customers-461930/ discusses the potential impact of this attack. One of the commentators brings up the topic of phishing. Hannigan, the CEO of Q1 labs, rightly points out that “Security trust means more than just making sure you’re in compliance with regulations,”. On the other hand, some of the quotes, like that from Anup Ghosh, co-founder of Invincea has a blatant technology solution vendor bias. He discounts human intelligence when referring to customers in this quote – “it’s not reasonable to expect them to differentiate...
Phishing and Spear-Phishing and APTs, oh my!
April 22, 2011 by Cofense in PhishingWith all of the media coverage on the recent flurry of successful phishing attacks targeting RSA, Epsilon’s clients and their customers, and Oak Ridge, it’s come to our attention that the fire hose of terms might leave some people confused. We thought it might be a good opportunity to explain what some of these terms are (and aren’t). Phishing Phishing essentially boils down to an adversary tricking a victim into doing something. Email is, by far, the most common medium used but others are certainly possible (snail mail, telephone calls, etc.). A traditional consumer email phish is what most of...
RSA breach: Lessons Learnt
April 18, 2011 by Cofense in Internet Security AwarenessPhishingMost of you have probably heard about the “RSA hack” by now. It was hot news three weeks ago when an employee at RSA fell prey to a targeted phishing attack as explained in this blog post: http://blogs.rsa.com/rivner/anatomy-of-an-attack/ . A couple of issues highlighted in this article really caught my attention. The article states – “These companies deploy any imaginable combination of state-of-the-art perimeter and end-point security controls, and use all imaginable combinations of security operations and security controls. Yet still the determined attackers find their way in. What does that tell you?“. That tells me that technology by-itself is...
Solve spear phishing with another appliance?
April 15, 2011 by Cofense in PhishingHave a spear phishing problem? You are not alone. Spend some time at the excellent contagio malware dump blog: http://contagiodump.blogspot.com/ So how is the multiple racks of endpoint security malware detection equipment protecting you today? If namelist.xls was emailed into your organization, how would you fare? http://www.virustotal.com/file-scan/report.html?id=9071f0b9b1e428cf4703b1e8988abaff70a6fbd6c3e0df7aaf4d1b6741a5341c-1302813557
Education vs. Technology
April 14, 2011 by Cofense in Internet Security AwarenessTrusteer recently released a study containing the results of a spear phishing test against 100 LinkedIn users. Their findings had a 68% failure rate. While a 68% failure rate seems high, it is not an unusual number for a group that has received no prior education or training in how to spot phishing – or at least training that is meant to be effective. We know this based on having sent well over a million spear phishing emails to employees of corporations across multiple industry verticals. Trusteer, a company that specializes in the creation of information security software products, stated...