Events

Story of one presentation – Gartner Symposium Barcelona

This week I attended the Gartner Symposium in Barcelona. The event is for IT leaders and executives, held in a magnificent venue and superbly organized.

Having the chance of giving a talk there, I wondered what kind of message should I give to such attendees. These people lead big companies and get regular reports from the best analyst in the world. During the conference basically they will get tons of information, and I wanted my message to remain in their minds, so I decided to go for a practical approach.

When talking about the next and most dangerous threats for big companies in the near future, I did not want to enter into technical details that would make my public go away or go to sleep in the first five minutes, so I decided to center my presentation on targeted attacks and consumerization. Basically, we are facing a new paradigm where I think we are not considering seriously the human factor as, probably, the weakest link in the security chain.

The message was clear and useful. The next think I needed to do was to prepare something “shocking” so my attendees will remember my presentation and hopefully, apply some measures in order to secure their organizations against the described threats. I wanted they to know how “hard” it was to create a targeted attack, so I chose some popular tools for gathering information such as The Harvester and for preparing social engineering attacks such as SET.

Basically, using these tools you can create a replica in your own system of some of the most popular sites such as Gmail or Facebook for stealing credentials in less than 1 minute, as well as send mass mailing phishing messages to the targets gathered in the information gathering step. The message here is clear: never to promote the use of these tools for badness, but we should face reality. These tools are freely available and it depends on the user of making a good or bad use of them, they are not malicious by themselves. Still, in case someone chooses the bad way, it is very easy for an attacker with zero technical knowledge to create a targeted attack.

I strongly recommend spending a few minutes learning how to protect against this attacks in our LabMatters video on the topic.

Updated: Even very sophisticated attacks such as Duqu are initiated by social engineering. Check the excellent post of my colleague Aleks.

Story of one presentation – Gartner Symposium Barcelona

Your email address will not be published. Required fields are marked *

 

Reports

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox