APT1: Another Teachable Moment for Us All

March 4, 2013 UPDATE: 

When I wrote this post, I was just using the email purporting to be from FedEx as an example of how one might discern a phishing attempt from a “real” one. Had I spent just a few extra moments in my RSS feed, I would have learned that this particular phishing email has been with us for a few weeks.


For Want of a Nail …

… the kingdom was lost.

This real-life cautionary tale, told to me by my colleague’s brother (let’s call him Mr. X), concerns a risk-reward decision gone awry. X’s company is a good-sized global construction services company with over $1B in revenue and around 5000 employees; they have about 7000 servers and endpoints under management.


Crazy Ideas for Combating Zombies and APTs

Whenever I think about detecting and defending against today’s sophisticated threats I keep coming back to the same question, “How do you distinguish legitimate activity from malicious?” That is not an easy question to answer.

For instance, read access by an authorized user or by a zombie process running on that user’s computer looks the same in an audit log.


Application Whitelisting: Key Protection Against Targeted Cyber Attacks

The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion.

The relatively short (only two pages!) document from the Cyber Security Operations Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security,
