Many of you have experienced phishing attacks, which often come in the form of attempts to illicitly gather personal information by impersonating a person or organization that is a known entity to the target. This may come in the form of an email purporting to be from your bank that actually connects to a compromised web site being used to gather your bank login information, or an email pretending to be from a friend or relative who claims to be stranded in Cyprus without cash or credit cards, and is in desperate need of $3,000 to “get out of a bind.” Attacks such as these have in the past been relatively easy for the moderately cautious netizen to recognize—one phone call can verify that a relative is at home in Jersey and not in Cyprus, and a close look at the link in the bank email usually reveals a URI that does not actually resolve to the bank’s servers. (more…)
Thank you for visiting the Vínsula security blog. We will use this space to publish announcements regarding our development, technical analysis of malware, elements of our platform, and to discuss general cybersecurity issues on a global level. We’ll begin over the next few weeks by presenting a series of articles describing the anatomy of a spearphishing campaign using an example of an actual attack. Through this, we will examine both the social engineering aspects of a targeted cyber attack, as well as the technical aspects of the specific payload used in the attack. Please check back, subscribe to our Twitter feed, or like us on Facebook to be kept up to date on our blog posts.