Events

Story of one presentation – Gartner Symposium Barcelona

This week I attended the Gartner Symposium in Barcelona. The event is for IT leaders and executives, held in a magnificent venue and superbly organized.

Having the chance of giving a talk there, I wondered what kind of message should I give to such attendees. These people lead big companies and get regular reports from the best analyst in the world. During the conference basically they will get tons of information, and I wanted my message to remain in their minds, so I decided to go for a practical approach.

When talking about the next and most dangerous threats for big companies in the near future, I did not want to enter into technical details that would make my public go away or go to sleep in the first five minutes, so I decided to center my presentation on targeted attacks and consumerization. Basically, we are facing a new paradigm where I think we are not considering seriously the human factor as, probably, the weakest link in the security chain.

The message was clear and useful. The next think I needed to do was to prepare something “shocking” so my attendees will remember my presentation and hopefully, apply some measures in order to secure their organizations against the described threats. I wanted they to know how “hard” it was to create a targeted attack, so I chose some popular tools for gathering information such as The Harvester and for preparing social engineering attacks such as SET.

Basically, using these tools you can create a replica in your own system of some of the most popular sites such as Gmail or Facebook for stealing credentials in less than 1 minute, as well as send mass mailing phishing messages to the targets gathered in the information gathering step. The message here is clear: never to promote the use of these tools for badness, but we should face reality. These tools are freely available and it depends on the user of making a good or bad use of them, they are not malicious by themselves. Still, in case someone chooses the bad way, it is very easy for an attacker with zero technical knowledge to create a targeted attack.

I strongly recommend spending a few minutes learning how to protect against this attacks in our LabMatters video on the topic.

Updated: Even very sophisticated attacks such as Duqu are initiated by social engineering. Check the excellent post of my colleague Aleks.

Story of one presentation – Gartner Symposium Barcelona

Your email address will not be published.

 

Reports

Kimsuky’s GoldDragon cluster and its C2 operations

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

Andariel deploys DTrack and Maui ransomware

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Subscribe to our weekly e-mails

The hottest research right in your inbox