A researcher who has studied the malicious software used in the attacks on media outlets and banks in South Korea this week said the attacks were coordinated, but messy and loud, without many of the hallmarks of a state sponsored hacking operation. Richard Henderson, a Security Strategist at Fortilabs at Fortinet Inc. said that the malware used in the attack was programmed to begin operating at 2:00pm local time, suggesting that those behind it had planned their operation for weeks or months before launching it. Still, Henderson said many details of the attack make it dissimilar from so-called “advanced persistent threat” or APT-style hacks that are carried out by foreign governments or groups working on their behalf. Henderson said that Fortinet analysts first obtained a copy of the malware on March 19, a day before the attacks. Researchers there had already identified the “time bomb” hidden in the code, which was […]
Tag: phishing
Twenty ISPs Responsible For Half Of All Spam
One of the lessons we’ve learned in recent years is that online attacks can come from anywhere. Viruses and spyware were more common to pornography and pirate download web sites five years ago. Today, even the most reputable web sites might be the source of online mayhem. In fact, so-called “watering hole” attacks that exploit legitimate web sites and use them as honey pots to lure the intended victims are all the rage among sophisticated attackers. (For evidence of this, see our recent story on the compromise at the web site of The National Journal, a publication for Beltway policy wonks.) But the Internet still has its dark alleys and bad neighborhoods. And they’re still the source of a lot of malicious activity – especially in connection to run of the mill crimes like spam and phishing attacks. That’s the conclusion of research done by students at the University of Twente’s […]
Many Watering Holes, Targets In Hacks That Netted Facebook, Twitter and Apple
The attacks that compromised computer systems at Facebook, Twitter, Apple Corp. and Microsoft were part of a wide-ranging operation that relied on many “watering hole” web sites that attracted employees from prominent firms across the U.S., The Security Ledger has learned. The assailants responsible for the cyber attacks used at least two mobile application development sites as watering holes in addition to the one web site that has been disclosed: iPhoneDevSDK.com. Still other watering hole web sites used in the attack weren’t specific to mobile application developers – or even to software development. Still, they served almost identical attacks to employees of a wide range of target firms, across industries, including prominent auto manufacturers, U.S. government agencies and even a leading candy maker, according to sources with knowledge of the operation. More than a month after the attacks came to light, many details remain under tight wraps. Contacted by The Security […]
You’ve Been Hacked By APT! (The Video)
The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]
New Phishing Toolkit Uses Whitelisting To Keep Scams Alive
Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed “Bouncer,” was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia, said Daniel Cohen, Head of Business Development for Online Threats Managed Services at RSA. The kit allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a “404 page not found” error message, Cohen said. In phishing attacks, attackers pose as a legitimate online entity in an attempt to obtain a user’s username, password or other sensitive information. Phishing attacks often rely on imposter web sites to trick users into giving up their secret information. The discovery of “Bouncer” underscores the […]
