Whitehat Lessons from $300M Cyber Crime Spree

By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez saga,

APT1: Another Teachable Moment for Us All

March 4, 2013 UPDATE:

When I wrote this post, I was just using the email purporting to be from FedEx as an example of how one might discern a phishing attempt from a “real” one. Had I spent just a few extra moments in my RSS feed, I would have learned that this particular phishing email has been with us for a few weeks.

For Want of a Nail …

… the kingdom was lost.

This real-life cautionary tale, told to me by my colleague’s brother (let’s call him Mr. X), concerns a risk-reward decision gone awry. X’s company is a good-sized global player in international construction services, with over $1B in revenue and around 5000 employees; they have about 7000 servers and endpoints under management.

Crazy Ideas for Combating Zombies and APTs

Whenever I think about detecting and defending against today’s sophisticated threats I keep coming back to the same question, “How do you distinguish legitimate activity from malicious?” That is not an easy question to answer.

For instance, read access by an authorized user or by a zombie process running on that user’s computer looks the same in an audit log.
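To make that point concrete, here is an added example (not code from the original post): two constructed auditd-style records for the same file read, one by the user’s spreadsheet application and one by a process planted on the same account. The records, the file name and the process paths are made up for illustration; real auditd puts the file name in a separate PATH record sharing the event id, which this example folds into one line for brevity. Viewed as “which user read which file”, the two events are identical; only when process lineage (exe, ppid) is included do they differ.

```python
import re
from typing import Callable, Dict, Tuple

# Constructed audit records (assumption: made up for this example, not taken
# from the original post or any real system).  Same uid, same file, same
# syscall, same outcome; only the process that did the reading differs.
LEGIT_READ = (
    'type=SYSCALL msg=audit(1362412800.101:1001): syscall=openat success=yes '
    'uid=1000 auid=1000 pid=4321 ppid=4300 comm="soffice.bin" '
    'exe="/usr/lib/libreoffice/program/soffice.bin" '
    'name="/home/alice/q3-forecast.xlsx" key="docs"'
)
ZOMBIE_READ = (
    'type=SYSCALL msg=audit(1362412800.455:1002): syscall=openat success=yes '
    'uid=1000 auid=1000 pid=5177 ppid=1 comm="svchost" '
    'exe="/tmp/.cache/svchost" '
    'name="/home/alice/q3-forecast.xlsx" key="docs"'
)

# key=value pairs; values are either double-quoted strings or bare tokens.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line: str) -> Dict[str, str]:
    """Split one auditd-style record into a field dict, stripping quotes."""
    return {key: value.strip('"') for key, value in _KV.findall(line)}


def who_what(rec: Dict[str, str]) -> Tuple[str, ...]:
    """The view most access reviews take: which user, which file, what, did it work."""
    return (rec["uid"], rec["name"], rec["syscall"], rec["success"])


def who_what_via(rec: Dict[str, str]) -> Tuple[str, ...]:
    """The same event with process lineage added (binary path and parent pid)."""
    return who_what(rec) + (rec["exe"], rec["ppid"])


def looks_the_same(a: str, b: str,
                   view: Callable[[Dict[str, str]], Tuple[str, ...]] = who_what) -> bool:
    """True when two records are indistinguishable under the chosen view."""
    return view(parse_record(a)) == view(parse_record(b))


if __name__ == "__main__":
    # Under the user/file view the zombie's read is invisible...
    print(looks_the_same(LEGIT_READ, ZOMBIE_READ))               # True
    # ...and only process context separates the two.
    print(looks_the_same(LEGIT_READ, ZOMBIE_READ, who_what_via))  # False
```

Two caveats a practitioner would add: whether exe and ppid are recorded at all depends on the audit configuration, and malware that injects into the user’s legitimate process inherits its lineage too, so process context narrows the problem rather than solving it.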

