By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez saga,
March 4, 2013 UPDATE:
When I wrote this post, I was just using the email purporting to be from FedEx as an example of how one might discern a phishing attempt from a “real” one. Had I spent just a few extra moments in my RSS feed, I would have learned that this particular phishing email has been with us for a few weeks.
… the kingdom was lost.
This real-life cautionary tale, told to me by my colleague’s brother (let’s call him Mr. X), concerns a risk-reward decision gone awry. X’s company is a good-sized global international construction services company with over $1B in revenue and around 5000 employees; they have about 7000 servers and endpoints under management.
Whenever I think about detecting and defending against today’s sophisticated threats I keep coming back to the same question, “How do you distinguish legitimate activity from malicious?” That is not an easy question to answer.
For instance, read access by an authorized user or by a zombie process running on that user’s computer looks the same in an audit log.
The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion.
The relatively short (only two pages!) document from the Cyber Security Operation Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security,
In light of all of the widely varying commentary on the Advanced Persistent Threat (APT) issue I have been reading about on the Internet, I wanted to weigh in with my opinion on the issue.
APT – the New Menace?
For the past 20 years, we have at best only reacted to the changing Internet threats well after the fact,