October 10, 2012
Spear Phishing Remains Most Difficult Attack to Defend Against
Spear-phishers, like the ones that compromised a White House network last week, are implementing new evasion tactics, fundamentally changing their attack strategies, and revolutionizing the targeted threat model. One of the newer attack strategies is the relatively recent ‘watering hole’ technique, but the changes also include an increased focus on victim behavior, and the adoption of successful tactics used by other factions of the cybercriminal world, specifically scareware and ransomware.
Infographic via Websense

June 5, 2012
Cloudflare CEO: AT&T Voicemail Hack Key To Compromise
Loose security protecting voice mailboxes at mobile carrier AT&T provided a key element necessary to successfully hack the Google Enterprise Apps account of tech firm CloudFlare, according to an account of the hack posted by CEO Matthew Prince.
Read more:
Infographic via Cloudflare

January 25, 2012
Who’s Spying on Whom?
Examples include hacks of RSA, Lockheed Martin, and Mitsubishi Heavy Motors as well as the sagas of Stuxnet and DigiNotar. 
Infographic via Popular Mechanics

August 29, 2011

lennyzeltser:

The Dark Side of Remote Desktop

Organizations large and small often make use of Remote Desktop or Terminal Services to remotely connect to Windows computers over the Internet and internally. These tools use Microsoft’s RDP protocol to allow the user to operate the remote system almost as if sitting in front of it. Such capabilities are helpful for not only legitimate users, but also for attackers.

The Internet community saw a reminder of the dark side of RDP due to the emergence of the “Morto” worm. According to F-Secure, a system infected with the worm scans the local network for systems listening on TCP port 3389 and, when it finds them, attempts to log in to them via RDP by guessing the Administrator password. The worm uses a list of 30 common passwords, which include favorites such as “password” and “12345678”.

The emergence of this worm correlates with the increased volumes of TCP port 3389 traffic, reported by SANS Internet Storm Center a few days prior to the F-Secure report:

The propagation approach employed by “Morto” is often used by penetration testers and human attackers alike: access the remote host by brute-forcing the password. One free tool that can automate this process is TSGrinder. You can see TSGrinder in action in the video I attached to this post. Note that TSGrinder is relatively slow, and requires that an older version of Remote Desktop client be installed on the attacking system.

A more modern (and faster) tool for remotely brute-forcing RDP credentials is Ncrack. Ncrack is a command-line tool that also supports a variety of other protocols, including SSH, VNC and FTP. In addition to being available in the source code form, Ncrack can be downloaded in a compiled form for Windows and OS X. (Update: For more on using Ncrack for RDP cracking, see Chris Gates’s post on the Carnal0wnage blog.)

Brute-forcing passwords on the internal network using tools such as TSGrinder and Ncrack is often quite effective. The approach also works over the Internet in many cases, because organizations often expose TCP port 3389 for remote access to workstations and servers over the Internet.

We can use the emergence of the “Morto” worm as a reminder to examine the use of Remote Desktop for remote access to systems over the Internet. Consider requiring an authenticated VPN connection before anyone has the ability to connect to this service. If you have to expose the service to the Internet without a VPN, don’t use the default port TCP 3389—instead pick a random high-numbered port. And, it goes without saying, use strong passwords and non-Administrator accounts. Lastly, consider configuring user accounts for auto-lockout after a number of unsuccessful logon attempts, while recognizing the potential for a denial of service attack when the attacker could trigger such a condition remotely.

Hand-picked related items:

Lenny Zeltser
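The post above recommends watching for password guessing against RDP while noting that account lockout can be turned into a denial of service. As an added example that is not part of Lenny Zeltser's post, the Python script below keys its detection on the guessing source rather than on the account, so it can flag a Morto-style burst of failed logons without locking the real Administrator out. The log lines are constructed for this example in a simplified CSV rendering of Windows Security events (Event ID 4625 for a failed logon, 4624 for a successful one, logon type 10 for Remote Desktop); a real deployment would read the same fields from the Security event log.

```python
"""Flag RDP password-guessing bursts from Windows Security logon events.

Added example, not from the original post. Events are keyed by source
address, not by target account, so a flood of failures from one host
raises an alert without feeding the account-lockout DoS the post warns about.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10      # RemoteInteractive (Remote Desktop / Terminal Services)
EVENT_LOGON_FAILED = 4625
EVENT_LOGON_OK = 4624

# Constructed sample data: "timestamp,event_id,logon_type,account,source_ip".
# 10.0.0.45 guesses Administrator/admin eight times in 21 seconds, then succeeds.
# 10.0.0.7 is a user who mistypes twice. 192.0.2.9 fails slowly, below threshold.
# The last line is a console (logon type 2) failure and must be ignored.
SAMPLE_LOG = """\
2011-08-27T10:00:01,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:04,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:07,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:10,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:13,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:16,4625,10,Administrator,10.0.0.45
2011-08-27T10:00:19,4625,10,admin,10.0.0.45
2011-08-27T10:00:22,4625,10,admin,10.0.0.45
2011-08-27T10:00:40,4624,10,Administrator,10.0.0.45
2011-08-27T10:01:00,4625,10,jsmith,10.0.0.7
2011-08-27T10:01:05,4625,10,jsmith,10.0.0.7
2011-08-27T10:01:12,4624,10,jsmith,10.0.0.7
2011-08-27T10:02:00,4625,10,Administrator,192.0.2.9
2011-08-27T10:05:00,4625,10,Administrator,192.0.2.9
2011-08-27T10:09:00,4625,10,Administrator,192.0.2.9
2011-08-27T10:10:00,4625,2,Administrator,10.0.0.45
"""


def parse_events(text):
    """Parse the simplified CSV lines into dicts, oldest event first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, logon_type, user, src = line.split(",")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "source_ip": src,
        })
    return sorted(events, key=lambda e: e["time"])


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return one alert per source IP that produced `threshold` or more
    failed RDP logons inside any `window_seconds` span. A later successful
    RDP logon from a flagged source is recorded, since that is the sign the
    guessing worked and the account needs attention."""
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)   # source_ip -> sliding window of failure times
    users_tried = defaultdict(set)         # source_ip -> accounts it tried
    alerts = {}                            # source_ip -> alert dict

    for ev in events:
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue                       # console or network logons are out of scope here
        ip = ev["source_ip"]
        if ev["event_id"] == EVENT_LOGON_FAILED:
            q = recent_failures[ip]
            q.append(ev["time"])
            users_tried[ip].add(ev["user"])
            while q and ev["time"] - q[0] > window:
                q.popleft()                # drop failures that fell out of the window
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {
                    "source_ip": ip,
                    "first_failure": q[0],
                    "failures_in_window": 0,
                    "success_after_alert": None,
                })
                alert["failures_in_window"] = max(alert["failures_in_window"], len(q))
                alert["last_failure"] = ev["time"]
                alert["users_tried"] = sorted(users_tried[ip])
        elif ev["event_id"] == EVENT_LOGON_OK and ip in alerts:
            alerts[ip]["success_after_alert"] = (ev["user"], ev["time"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(alert)
```

The slow guesser at 192.0.2.9 stays under the threshold, which is deliberate: a per-source sliding window trades some sensitivity to low-and-slow guessing for not paging on every mistyped password, and the threshold and window are the two knobs to tune against your own logon volume.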

July 15, 2011

Outdated Assumptions:

A Threatpost editorial by Gunter Ollmann

[Image 1]

The simplistic view of the threat is that the entity conducting the attack contains, manages and orchestrates all the components necessary to perform the attack. Or, in a simple Venn diagram format, the delivery, malware and fraud components are defined as being core components of the “attacker”.

The reality of the situation is very different…

[Image 2]

In today’s federated cybercrime ecosystem, the “attacker” selects and manages relationships with multiple external entities that specialize in the delivery of specific components of an attack. Each specialization is independent of the attacker – and will more than likely be servicing multiple “attackers” simultaneously. More importantly, most of the service providers are so removed from the actual attack (and attacker) that the “victim” is unimportant and irrelevant to their contribution.

9:02am  |   URL: http://tmblr.co/Z1C9jx77_VwE
  
Filed under: security hacking hackers tech 
June 20, 2011
Infographic Via Cisco Blog:

Security professionals need to be one step ahead of the criminals.

June 20, 2011

privacyandsecurity:

Great video produced by the team at Symantec on a social engineering scam that’s on the rise.

There are a lot of worrying points here. Firstly, this company had lied to me by telling me I had a malware infection. I then had to pay 129 euro for them to clean up this so-called infection. I also had to provide them with a number of personal details, including my credit card number. Unfortunately security software can’t protect against this type of social engineering. If you get a call from the “Online PC Doctors”, just hang up and advise your friends and family to do the same.

May 19, 2011

I have no idea if this is real, but if it is…

duncan86-deactivated20110518:

URBAN HACK ATTACK - EPISODE 1 (by WeLeftTheBuilding)

11:55am  |   URL: http://tmblr.co/Z1C9jx5G8QI1
  
Filed under: hacking 
May 17, 2011
This random penguin on hacking via vanguardparty:

10:03am  |   URL: http://tmblr.co/Z1C9jx5CMaqu
  
Filed under: hacking security coding tech 