30 Mar 2015 01:00 PM
Beware, spear-phishing is striking again - Websense Security Labs has become aware of recent spear-phishing attempts utilizing what appear to be forwarded legitimate email messages and a typo-squatted domain. If these targeted attempts are successful, then the combination of a trusting nature, orthographic...
Filed under: Targeted attacks, Phishing, Typosquatting, Spear Phishing, Social Engineering
11 Dec 2013 09:03 AM
With cloud infrastructure easily scalable and rented botnets coming on the cheap, the cost of conducting massive phishing campaigns continues to decline for cybercriminals. Even if the return rate is small or the campaign is poorly executed, phishing can result in serious money for criminals. Phishing will never simply go away—meaning ongoing headaches for security professionals....
Filed under: Research, Phishing, Spear Phishing, x
12 Mar 2013 08:29 AM
Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and have been injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC.
The malicious code found on the two websites is identical and was identified as an exploit for CVE-2012-4969, an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild in September 2012. It was found by Eric Romang from Zataz.
From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).
Filed under: Analysis, Targeted attacks, Exploit, Spear Phishing, CVE-2012-4969
13 Feb 2013 08:30 AM
The 2013 Threat Report from the Websense® Security Labs™ is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.
Creating the report began with the ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including our Advanced Classification Engine (ACE), which applied over 10,000 different analytics.
Filed under: Compromise, Facebook, Malware, Social Networks, Malicious emails, Research, Spam, Phishing, 0-day, Mass Injection, Data loss, Web Research, Spear Phishing, Threat Report, ThreatSeeker Intelligence Cloud
05 Feb 2013 10:00 AM
In the previous part of our report, we analyzed the malicious content detected in the domain "rotary-eclubtw.com". We detected the exploitation code for the vulnerability CVE-2012-4792 and analyzed the Flash file which was used to contain the heap spray code and the shell code. In this part we are going to show some of the details that we extracted from the shell code and from behavioral analysis of the malware installed after a successful exploitation attempt. We have also added some details related to the domain name, using the WHOIS records and internal data.
Why are waterhole attacks occurring? What is the attackers' objective, both here and in other cases? As we learned from this analysis, the malware is used to steal files from compromised computers, while also enabling monitoring of the user's emails and other activities. We also found suspicious ties to sites potentially targeting high technology suppliers, perhaps in Taiwan. Read on for details of the attack.
Filed under: CVE-2012-4792, Spear Phishing