Hint: Hollywood gets it wrong
If there is one thing you should know about cybercriminals, it is that they can be extraordinarily patient.
Much like an anaconda that can wait for its chosen prey for six months or more, cybercriminals are in no rush to launch into a cyberattack unprepared.
With the potential for virtually endless profits, cybercriminals organize their efforts more precisely than an air traffic controller manages takeoffs and landings.
Hollywood, though, tends to embellish what actually happens within a cybercriminal’s operations since, truth be told, hacking is boring – or at least boring to watch.
I’ve met quite a number of hackers in my lifetime, and never once did their stories contain, “And then I hacked into the bank’s servers, and ACCESS GRANTED flashed across the screen in bright green letters!”
With the way hacking and cybercrime are portrayed in movies and TV...
FireEye acted quickly to close a serious vulnerability in some appliances
On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.
Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.
Affected...
It appears that we have come to the day as security professionals that to be part of the elite you have to disclose a new threat actor group or campaign with a code name. Once they’ve created a fun name for the threat actor group or campaign, it is usually sprinkled with some of the tactics and indicators used. The issue with the current state of naming conventions is that it has done nothing more than create great marketing material and confusion for a large part of the security community.
As a security professional who spends the majority of my time tracking threat actors, malware samples and common indicators of compromise, I am often asked, “Don’t you see this sharing (disclosing events) as a good thing, and why is it so confusing?”
First of all, I believe the increase in sharing over the last few years has been great and has even broken down some of the barriers that were in place before. Where the confusion comes in, however, is everyone...
Focusing on the Who
Recently, I’ve seen several articles talking about the attribution of attacks and its necessity. Attribution in the commercial world and the government sector has different levels of importance. Attribution in the government sector is essential. The government, including three-letter agencies, needs to ensure that it has “the who” portion of an attack correct, to a very high degree of confidence. The government uses this information to determine which actions to carry out against an actor. If it is wrong about “the who”, serious consequences may occur.
So what level of attribution should companies in the commercial world worry about? ThreatConnect, a company specializing in threat intelligence and attribution, makes a great point in a recent Krebs on Security...
An alternate take on the snake
I guess it is time to take off my shoes, because I have run out of fingers to count the number of times I read "OMG THIS IS THE NEXT HEARTBLEED!" for normal vulnerabilities.
Marketing firms have definitely figured out how to promote their researchers' activities:
Scary Name + Cool Logo == Unique Hit Counts == KPI met on your next review
I get it. I totally do. It becomes an issue, however, when every blog site picks it up and people start getting freaked out about relatively normal things.
- New vulnerabilities occur all the time
This includes high, medium and low priority vulnerabilities. Some are pretty bad, allowing for sensitive information disclosure, denial of service, or remote code execution. Most software engineers are not magicians who create perfect code every time. Even those who are have their code pieced together with the work of others, resulting in unintended...