Troy Gill, security analyst with AppRiver, provided some expert insight on the breach. “Since it does not appear that any credit card or financial information was taken, the risk here is that these individuals will be targeted going forward.”
Gill notes that the real threat, just as in the recent exposure of customer email addresses from Epsilon, is that the contact information, combined with the known relationship with Ashampoo, will enable attackers to create much more convincing precision phishing attacks.
Anup Ghosh, founder and chief scientist at Invincea has a more ominous take on the matter. Ghosh says that the string of data breaches and the general information security news over the past year or so should alarm everyone from Wall Street to Main Street.
Ghosh explains that the end user, rather than a PC operating system or vulnerable software, has become the primary target for attackers, and is the real root of the problem. ”The adversary targets the user because they know that regardless of all the patches applied to technology, one cannot apply a patch to Layer 8–the human brain. Attachments will always be opened if they look to be coming from a reliable source; curiosity has always and will always kill the cat.”
Ghosh suggests that security needs to adopt a new model that seeks to protect the entire PC environment from the actions of the user rather than focusing on identifying and patching vulnerabilities.]]>
The creator of ZeuS allegedly went into “retirement” last fall. Apparently, the malware business had taken its toll and he was ready to cash in on his ill-gotten gains to sip pina coladas on a beach in the Caribbean. So, he did the only sensible thing and turned over the source code for ZeuS to his arch-nemesis–the malware developer behind SpyEye.
ZeuS arrives in many forms, like FDIC phishing scams, or UPS phishing scams. AppRiver’s Fred Touchette provides an excellent analysis of the ZeuS botnet, and the emerging threat of hybrid ZeuS / SpyEye malware attacks.
*Bonus Note: If you have not seen the movie “The Gods Must Be Crazy“, I highly recommend it. It is one of the funniest movies I have ever seen.
*Bonus Bonus Note: Admittedly, it takes a certain sense of humor to relate. Some people don’t get it. If you are one of these people, perhaps watching it in an altered state might make it funnier.]]>
The phishing email contains the obligatory spelling and grammatical errors that should be red flags to any recipient above the third or fourth grade level. In closing, let me just remind everyone once again not to open file attachments–especially file attachments claiming to be from some financial institution you do business with directing you to fill out some attached form. PayPal, your bank, and any other reputable business will not ask you for sensitive information via email or with a file attachment.]]>