In the course of our threat research, we've encountered different types of social engineering lures that aim to trigger different emotions such as fear and happiness. These lures are often effective, as we've seen happen in several incidents in the past. However, they are also easily recognizable as they often use a common theme, be it a recent event or an ongoing season.
There are also other techniques that use a different, more sober approach. These techniques do not aim to trigger ...
Currently, we have been seeing an uptick in the number of denial-of-service attacks using DNS reflection or amplification. There are many variants, but the general outline of the attack is the same:
An attacker creates a DNS query with a fake source IP address - that of the intended victim. (Consider this as being analogous to a fake return-to-sender address.)
The query is sent to a DNS server that accepts queries from external addresses (i.e., those from a different ISP/network than its ...
Zombies (the shambling, brain-eating kind, rather than the computer kind) are all the rage these days. They’re on TV shows and video games. There are even real-life zombie walks. For whatever reason, they’re the current, fun way we like to scare ourselves.
It's not surprising that, when people are looking to make a little fun mischief, they would pick zombies. There’s a point where hacking and playing come together, and we've seen this lately with zombies. People have hacked roadway signs to warn ...
The term “Watering Hole” has become a popular way to describe targeted malware attacks in which the attackers compromise a legitimate website and insert a “drive-by” exploit in order to compromise the website’s visitors. Two recent papers by our friends at RSA and Symantec documented such attacks.
Of course, such attacks are not new. This technique has long been used by indiscriminate cybercriminal attacks as well as targeted malware attacks. I documented the use of such techniques in 2009 and 2010 ...
We often debate who the most sophisticated hackers in the world are. I firmly believe that there is a direct correlation between the chess-playing community and hacking. To this point, I would tip my hat to the Eastern European hacker crews of 2011 and 2012.
There are three historical factors that distinguish Eastern European hackers from those in the rest of the world:
An educational culture which has long emphasized mathematics and chess
A robust underground economy
A well-developed “tradecraft” of criminal activity that ...