Software Updates Used as Phishing Bait

Tuesday, June 30th, 2009

Phishers have been targeting software updates to distribute malicious software (malware). In the example below, the phisher sent the email from a spoofed Microsoft account to a Cyveillance email address, prompting the user to click on the update link in the body of the message. The link itself appears to be a legitimate Microsoft update site (update.microsoft.com). However, the link is actually obfuscated and, when clicked, routes the user to a malicious Website infected with malware.

While attacks such as the one above are not new, it is only recently that this method has truly become a mainstream vector. It is likely that we will continue to see more attacks of this type in the future.

Clicking on links within emails presents potential danger to users. Cyveillance recommends only updating software from the update feature within the application or actually downloading the update from the software vendor’s Website.

Cyveillance Identifies Dangerous “Maltweets” on Twitter

Tuesday, June 23rd, 2009

Cyber criminals are leveraging high-profile current events and Twitter to distribute malicious links on the Internet. Cyveillance recently discovered “Maltweets,” Twitter messages or tweets that contain URLs of infected sites that are using terms such as “Lakers” and “Air France” to entice users to click on the malicious links.

The Web addresses included in these Maltweets are very dangerous, posing the threat of a malicious file download to a computer without the user’s knowledge. Once downloaded, the file may install hidden components on a computer, then attempt to execute malicious activity against the user, the user’s computer or network resources. The malware could allow criminals to take over the computer, use it as part of an illegal botnet, install dangerous rootkits and even capture sensitive user information such as usernames, passwords and other personally identifiable information for the purpose of identity theft.

More info can be found at: http://www.cyveillance.com/web/news/press_rel/2009/2009-06-23.asp

The Ever-Growing Threat from Cyber Criminals

Thursday, June 18th, 2009

A story by the San Francisco Chronicle posted on www.sfgate.com earlier today sheds light on the “cat-and-mouse game” played every day on the Internet between the security industry and online criminals. The story focuses on the growing sophistication of one particular online criminal organization, GoldenCashWorld. The story can be found at: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/06/16/BUK618882A.DTL

Unfortunately, GoldenCashWorld is only one of many technically sophisticated criminal groups on the Internet. These groups continue to be successful at facilitating and conducting online criminal activity. This success enables their available resources to grow and their technical capabilities to improve. The success also lures many new technically proficient individuals into the cyber criminal underworld. These issues combine to create an ever-growing threat, in both the volume and the sophistication of online criminal activity, to which the security industry must adapt in order to minimize the effects.

Cyveillance has long been aware of these efforts by the criminals, who are forced to develop very sophisticated methods to bypass detection and security countermeasures. This is a clear indication that the efforts of Cyveillance and others in the security industry are working. As we enter a new era in Security and Intelligence with our acquisition by QinetiQ NA, Cyveillance will continue to make the investments in personnel and technology needed to protect our customers and always stay one step ahead of the bad guys.

ICANN’s Registry-Registrar Cross Ownership Proposal is a Bad Idea

Tuesday, June 9th, 2009

The public interest in supporting competition and protecting end-users does not support elimination of the current separation of Registry and Registrar ownership. The end result would be further consolidation of the top tier registrars, gaming of the loopholes in the current contractual reciprocity provisions, and potential increased brand abuses. These changes would, in conclusion, have a severe negative impact on competition among Registries and among Registrars and would harm end users.

Because several registrars own vast domain portfolios, the equal access and vertical separation requirements also have the positive effect of preventing particular registrants from having privileged access to domains in particular registries. Relaxing the requirements could inhibit competition in the market for domain names. Worse, it could make it essentially impossible for brand owners to prevent abusive registrations of their domains in registries where a particular registrant has a pre-emptive ability to register domains. Therefore, preventing registrants from gaining privileged access to particular registries is a compelling reason to preserve the vertical separation requirements. Because of the dangers of the competitive abuses described above, Cyveillance strongly urges the ICANN Board to maintain the separation in the current ICANN contracts and ensure the implementation of regulations that will maintain this clear separation.

More information as well as the opportunity to comment on the proposed change can be found at http://www.icann.org/en/public-comment/.

Cyveillance sees phishing attacks against ISPs on the rise

Thursday, June 4th, 2009

During the past couple of weeks Cyveillance has noticed an increase in the amount of phishing activity targeting Internet Service Providers (ISPs). While credentials stolen from the ISP-targeted attacks do not offer much direct financial gain for the phishers, they do offer a wealth of user information that can be leveraged in other phishing or spear phishing attacks.

Commonly, phishers will utilize information obtained from non-financial attacks, such as those against ISPs, to launch other social engineering attacks. For example, information such as the potential victim’s email address, telephone number, physical address and other information can be obtained from a compromised ISP account. The phisher will incorporate this data in a direct email or phone call to the potential victim in order to establish credibility. Once the credibility has been established, the likelihood that the victim will divulge sensitive information increases substantially.

Cyveillance’s Approach to Cyber Security Validated by Recent Obama Administration Initiative

Monday, June 1st, 2009

For years now Cyveillance has been the cyber intelligence leader, emphasizing a proactive approach to cyber security. Our method of gathering, processing and delivering cyber intelligence to customers and partners for use in threat mitigation and cyber security planning is widely regarded in the market and our intelligence is often cited in the press. This intelligence-led approach to security is also one of the primary drivers behind our recently announced agreement to be acquired by QinetiQ North America.

With the recent release of the US Government’s Cyber Security Policy Review, Cyveillance’s intelligence-led approach is quickly gaining ground as a mainstream trend in security. A major focus of the policy review is the discovery and analysis of potential threats and the building and implementing of the policies and infrastructure needed to prevent or block them. This proactive approach to security is the foundation for our technology, which produces the actionable intelligence needed to stay one step ahead of these growing and dynamic cyber threats. For more detailed information on this approach, you can download The New Protection Paradigm: Intelligence-Led Security whitepaper at: http://www.cyveillance.com/web/forms/request.asp?getFile=106.