spear phishing
Why cybersecurity in the workplace is everyone’s business
“If Microsoft calls and asks you for your password…it’s not real, ” said Steve LeBlond, VP of Technology and CTO of Ochsner Health System, while speaking at our Digital Health Summit on October 3. “We [Information Technology] will never ask you to log us in.” Stev…
Tax Time: Let the Phishing Begin
This post was authored by Earl Carter and Craig Williams. With the April 15th US tax deadline only about 2 months away, a new wave of tax related phishing is underway. In this latest spear-phishing campaign, attackers are attempting to gain access to your system so that they can steal your banking a…
Visualizing a String of Paerls
Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicio…
Big Data: Observing a Phishing Attack Over Years
Overview Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sop…
Threat Spotlight: “A String of Paerls”, Part 2, Deep Dive
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard In part one of our two part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described…
Threat Spotlight: A String of ‘Paerls’, Part One
This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman. Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attem…
Watering Hole Attacks an Attractive Alternative to Spear Phishing
“Watering Hole” attacks, as evidenced by the recent attack involving the U.S. Department of Labor, are becoming increasingly popular as alternatives to attacks such as Spear Phishing. In a “Watering Hole” attack, the attacker compromises a site likely to be visited by a particular target…