Wednesday, April 22, 2015

Attacking the White House with monkeys. Yes, seriously.

Monkeys doing funny things on videos. They were sent by email to White House employees with viruses hidden on it. It was explained on the analysis made by Kaspersky Lab's about Cozy Duke advanced attack, suffered by the US government last winter. But today the undisputed protagonist is not the White House but the RSA Conference, from where we get a lot of interesting security news.


CozyDuke had, like most advanced attacks, at least two ways of assaulting their victims via email. On the one hand, sending links to legitimate high profile sites as diplomacy.pl, who had been attacked and infected their visitors. Or sending funny flash videos, attachments to mail messages, such as "Monkeys in the office LOL Video. zip." When opened, a virus is installed on the victim computer. Both tricksare really old but helped CozyDuke to get into the White House andthe State Department, among others.


Precisely at the RSA Conference were presented the results of a survey that seeks toclarify how and why these scams are still functioning. Conclusions: Employees open one in 25 malicious messages that are sent. Middle managers are nowadays the primary objective. Sales, Finance and Procurement departments opens by far more malicious messages than others. Thurdays are also the days of the week with more infection cases.

Other interesting information coming from RSA Conference, talks about viruses that disable iPhones and iPads, tricks to annul the Samsung Galaxy biometric protection or a survey on what moves the 0day failure discoverers to report their findings: money but also recognition for them and their company. The creators of bugs reward programs should take good note. Speaking of 0days, the RSAC revealed that ads withknown malicious code into web pages have been infecting visitors for two months without anyone noticing.

Online banking has alsostarred the RSA Conference, with the help of Juan Francisco Losa and Santiago Moral, from BBVA. Applications developed by third-party, data no longer residing in the bank data center, a faster development cycle and faster software or what authentication methods should we use, are some of the challenges facing by banks in the digital era. Losa explained that BBVA has a "panic button" to react quickly in an emergency and gave a recipe to his colleagues: "Begin to make security decisions in a decentralized way."


With so much good information for noting, the RSA Conference is confirmed as one of the most important events of the sector worldwide.

0 comments:

Post a Comment