Data Breaches – a Common Theme? Spear Phishing & RATs



It all started with the mainstream media covering the Sony Pictures Entertainment breach (SPE) – the debates about who did it – Chinese, Russians, North Korean government, etc. What was missing from this debate started to become even more clear as we saw the Anthem breach of 80,000,000 records of Americans – their entire PII file – name, address, date of birth, social security number, salary range, home phone, mobile phone, email and much more. Then, as I covered online, the major breach of 100 banks which totaled over $300M (Kaspersky says it will hit $1B) in banking fraud/theft/money laundering.



This again brought us to one simple conclusion – the process of network mail protocol reconnaissance followed by targeted spear phishing attacks that include zero-day or new remote access Trojans (RATs). It’s a repeat story that I expect we will see over and over, especially in America and Europe, where companies who think their firewall and antivirus technologies are sufficient forget the most important factor – people. They don’t train them well when it comes to best practices for Information Security (INFOSEC). If they did, defenses against phishing attacks and understanding RATs would be first on their list.


We hear over and over ‘it was too sophisticated for us to detect’. This common theme is a common excuse that won’t work when lawsuit after lawsuit and fines from government agencies pile up because these companies that we entrust our private information to have no clue about proper INFOSEC training and the most simple of countermeasures – defense against phishing attacks.


We can add the bring your own device (BYOD) dilemma to the equation – I would think many of these mobile devices are also infected with RATs. What this means is – SMS messages, emails and untrustworthy app downloads are where the cybercriminals’ minds are at but most businesses and consumers are not. Time to think about this and become a bit more proactive. So in this month’s edition we have great writers covering subjects including Security Automation, Internet of Things, Data Breaches, Damage Control Tips and of course the big area of risk – Mobile Device Security. Stay vigilant – stay one step ahead of the next threat.


To our faithful readers, Enjoy
Pierluigi Paganini


Pierluigi Paganini, Editor-in-Chief



Cyber Warnings E-Magazine – November 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
