End users are almost sitting duck when bad guy using spear phishing as a tool to penetrate. We have observed this kinds of attacks in Taiwan government network for more than 3 years.
Perry Liu -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Ferguson Sent: Wednesday, September 12, 2007 12:04 PM To: [email protected] Subject: [funsec] Cyber Spies Target Silent Victims -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via Forbes.com. [snip] The U.S. Department of Defense confirmed last week that cyberspies have been sifting through some government computer systems. What wasn't said: The same spies may have been combing through the computer systems of major U.S. defense contractors for more than a year. "There's been a massive, broad and successful series of attacks targeting the private sector," says Alan Paller, director of the SANS Institute, a Bethesda, Md.-based organization that hosts a response center for companies with cybersecurity crises. "No one will talk about it, but companies are creating a frenzy trying to stop it." Paller believes that the 10 most prominent U.S. defense contractors--including Raytheon, Lockheed Martin, Boeing, and Northrop Grumman--have, for the past 14 months, been the victims of the same sort of cyberespionage that has recently plagued the Pentagon. He and other experts warn that the classified military technology research held by these private sector companies is even more vulnerable to hackers than the data stored on government computers. And while the U.S. government publicizes its security breaches, researchers say these commercial contractors almost always keep their data losses out of the public eye. [snip] More: http://www.forbes.com/2007/09/11/cyberspies-raytheon-lockheed-tech-cx_ag_09 11cyberspies.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFG52URq1pz9mNUZTMRApuCAJ4xKL2VTFrq6h/8QjDmyxtMTqyY6QCgkZ2N 5EPnzP1c4CtClx08Lo/hsLw= =GaDW -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
