Tag Archives: email

Frustrate, Disrupt, Evade

Stop that RAT!

Stop that RAT! by dirigentens

Much of the methodology for preventing Advanced Persistent Threats and targeted attacks can be related to the Lockheed Martin Cyber Kill Chain, which is itself based on conventional US military targeting doctrine: find, fix, track, target, engage, assess (F2T2EA). The Cyber Kill Chain comprises seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2) and Actions on Objectives.

It is important to remember that the Cyber Kill Chain does not describe a defence methodology; rather, it breaks down the steps an attacker will take in order to compromise a target. This view of an attack as a chain of related actions, rather than discrete incidents, is key to understanding how to frustrate, disrupt or evade persistent attempts at intrusion. Offense must inform defence, where the goal is to terminate an attacker's ability to continue or complete the assault.

Triskaidekaphobia? Predictions for 2013

Happy New Year? It’s that time of year again: snow thick on the ground, mistletoe in my back pocket, mulled wine to warm your hands and, of course, security predictions for 2013.

Trend Micro today released Security Threats to Business, the Digital Lifestyle, and the Cloud, our security predictions for 2013 and beyond. At first glance, the headline prediction may sound surprising: the volume of malicious and high-risk Android apps will hit 1 million in 2013. However, when you consider that our prediction for total Android malware by the end of 2012 has been constantly revised up throughout the year and now stands at over a quarter of a million, maybe it no longer sounds so fanciful.

Skype vulnerability makes hijack child’s play.

A serious vulnerability in Skype has come to light. This vulnerability allowed you to take over the Skype account of any other user, armed only with knowledge of their e-mail address.

Proof of concept for the issue was posted in a Russian forum about three months ago and the original poster posted again on a different site just yesterday that the vulnerability was still not fixed. The author also notes that abuse of the vulnerability has been widespread, affecting many users from his own contact list.