Federal Friday – 9.27.13 – Attackers Changing Tactics

Blog Post created by jschim Employee on Sep 27, 2013

Happy final Friday of FY13! Year end is crazy as it always is, and even more so in the year of the Sequester. I’m looking forward to FY14 and moving past the budget issues that plagued the space for most of this year. Oh wait, on second thought, nothing looks like it’s changing too much. But hey, at least it’s the weekend!


A couple of things caught my eye this week, and they all pertain to the threat landscape. We are starting to see attackers out there change their tactics. First and foremost, another IE zero-day is floating around. According to Rapid7's own Ross Barrett, our Sr. Engineering Manager, this exploit is now widely available. This specific zero-day affects both IE 8 and 9. You can read the post from Ross here.


We also noticed in Dark Reading this week that attackers are adjusting their tactics in the wild. Rather than running large-scale email campaigns, phishers are now targeting specific individuals or groups, and they have expanded their branding. This would be fantastic news if they were legitimate entrepreneurs expanding their businesses legally. Unfortunately, their energies are geared towards more nefarious motives. By expanding their brands they are simply using more recognizable logos and email templates in an attempt to catch larger and larger "phish." To read the full report from the Anti-Phishing Working Group (APWG) you can download the PDF here.


On a positive note, GCN highlights the fact that NIST has released more guidelines for securing the DNS. This comes in response to escalated attacks from the Syrian Electronic Army as well as other global groups. Because the DNS is a distributed system, it is exposed to a wide array of vulnerabilities arising from other distributed systems on the same network. Below are the recommendations from NIST for secure DNS systems and DNSSEC, which is also mandated as part of SP800-51.


DNS Deployment:

  • Implement appropriate system and network controls for securing the DNS hosting environment, including operating system and application patching, process isolation and network fault tolerance.
  • Protect DNS transactions within an enterprise’s control using hash-based message authentication codes.
  • Protect the DNS query and response transaction by using digital signatures based on asymmetric cryptography as spelled out for DNSSEC.
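The second recommendation above (hash-based message authentication codes for transactions the enterprise controls, such as zone transfers, NOTIFY and dynamic updates between its own servers) is what TSIG (RFC 8945) provides. The following is an added example, not code from the post, NIST or Rapid7: it signs a zone-transfer request with HMAC-SHA256 the way a primary and secondary name server sharing a TSIG key would, and shows the three rejection cases a receiver distinguishes. The wire format is simplified (the real TSIG record carries a 48-bit time and sits in the additional section of the message); the key material, key names and zone name are constructed placeholders.

```python
"""Added example (not from the post): protecting a DNS transaction between two
servers under one administrative control with an HMAC, in the style of TSIG
(RFC 8945). Simplified wire format; constructed keys and names."""
import hashlib
import hmac
import struct
import time

AXFR = 252                      # query type for a full zone transfer
FUDGE_SECONDS = 300             # how far the signer's clock may drift from ours

# Constructed shared secret and keyring. In practice generate the secret with
# BIND's tsig-keygen and configure it in named.conf on both servers.
SECONDARY_KEY = bytes.fromhex("0123456789abcdef" * 4)
KEYRING = {"secondary.example.gov.": SECONDARY_KEY}


def build_query(name: str, qtype: int, msg_id: int) -> bytes:
    """Minimal DNS wire-format query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode() for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN


def _mac_input(message: bytes, key_name: str, time_signed: int, fudge: int) -> bytes:
    # Key name, algorithm and time window are covered by the MAC, so a captured
    # message cannot be replayed later or presented under another key.
    return (message + key_name.lower().encode() + b"hmac-sha256."
            + struct.pack("!QH", time_signed, fudge))


def sign_transaction(message: bytes, key_name: str, key: bytes, now=None) -> dict:
    """Sender side: attach key name, signing time and the HMAC-SHA256 MAC."""
    time_signed = int(time.time()) if now is None else now
    mac = hmac.new(key, _mac_input(message, key_name, time_signed, FUDGE_SECONDS),
                   hashlib.sha256).digest()
    return {"message": message, "key_name": key_name,
            "time_signed": time_signed, "fudge": FUDGE_SECONDS, "mac": mac}


def verify_transaction(signed: dict, keyring: dict, now=None) -> str:
    """Receiver side: returns the TSIG error name the server would answer with."""
    now = int(time.time()) if now is None else now
    key = keyring.get(signed["key_name"].lower())
    if key is None:
        return "BADKEY"                      # unknown key: reject before any crypto
    expected = hmac.new(key, _mac_input(signed["message"], signed["key_name"],
                                        signed["time_signed"], signed["fudge"]),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signed["mac"]):
        return "BADSIG"                      # message or MAC altered in transit
    if abs(now - signed["time_signed"]) > signed["fudge"]:
        return "BADTIME"                     # outside the replay window
    return "NOERROR"


def demo(now: int = 1380240000) -> dict:
    """Sign a zone-transfer request, then exercise each failure mode."""
    axfr = build_query("example.gov.", AXFR, 0x1234)
    signed = sign_transaction(axfr, "secondary.example.gov.", SECONDARY_KEY, now)
    tampered = dict(signed, message=build_query("example.com.", AXFR, 0x1234))
    return {
        "genuine": verify_transaction(signed, KEYRING, now),
        "tampered": verify_transaction(tampered, KEYRING, now),
        "replayed": verify_transaction(signed, KEYRING, now + 3600),
        "wrong_key": verify_transaction(dict(signed, key_name="rogue.example.gov."), KEYRING, now),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:10s} -> {result}")
```

Two details carry the security value: the MAC is compared with `hmac.compare_digest` rather than `==`, so verification time does not leak how many bytes matched, and the signing time is inside the MAC, which is what turns a captured transfer request into a `BADTIME` rejection instead of a replay. The fudge window also means both servers need synchronized clocks, which is the usual operational cause of `BADTIME` in practice.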


DNSSEC Deployment:

  • Install DNSSEC-capable name servers.
  • Check zone file(s) for integrity errors.
  • Generate a key pair for each zone.
  • Sign the zone using private keys.
  • Load the signed zone onto the server.
  • Configure the name server to turn on DNSSEC processing.
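The six steps above map directly onto BIND 9's tooling. What follows is an added example, not code from the post, NIST or Rapid7: a small driver that performs the integrity check of step 2 itself (the errors that most often break signing: missing or misplaced SOA, no apex NS, CNAME mixed with other data, duplicate records) before handing the file to `named-checkzone`, then assembles the `dnssec-keygen` and `dnssec-signzone` invocations for steps 3 and 4 and the `named.conf` zone stanza for steps 5 and 6. It assumes BIND 9.16 or later with `named-checkzone`, `dnssec-keygen` and `dnssec-signzone` on the PATH; the zone name, key directory, file paths and the sample zone files are constructed placeholders.

```python
"""Added example (not from the post or NIST): the six DNSSEC deployment steps
as a driver around BIND 9's tools. Assumes BIND 9.16+; all names are placeholders."""
import shutil
import subprocess
from pathlib import Path

ORIGIN = "example.gov"              # placeholder zone name
KEY_DIR = "/var/named/keys"         # placeholder; private keys readable by named only
ALGORITHM = "ECDSAP256SHA256"       # currently recommended signing algorithm (RFC 8624)

# Constructed sample zones used by the checks below.
SAMPLE_ZONE = """\
$ORIGIN example.gov.
$TTL 3600
@   IN SOA ns1.example.gov. hostmaster.example.gov. (
        2013092701 ; serial
        7200 3600 1209600 3600 )
    IN NS  ns1.example.gov.
    IN NS  ns2.example.gov.
ns1 IN A   192.0.2.1
ns2 IN A   192.0.2.2
www IN A   192.0.2.10
"""
BROKEN_ZONE = """\
$ORIGIN example.gov.
@   IN SOA ns1.example.gov. hostmaster.example.gov. 2013092701 7200 3600 1209600 3600
ns1 IN A     192.0.2.1
www IN CNAME ns1
www IN A     192.0.2.10
www IN A     192.0.2.10
"""


def logical_lines(zone_text: str):
    """Join parenthesised multi-line records (the usual SOA layout) and drop comments."""
    buf = ""
    for raw in zone_text.splitlines():
        buf += raw.split(";", 1)[0] + " "
        if buf.count("(") > buf.count(")"):
            continue
        yield buf.replace("(", " ").replace(")", " ")
        buf = ""


def parse_records(zone_text: str) -> list:
    """(owner, type, rdata) triples; a line starting with whitespace keeps the previous owner."""
    records, owner = [], "@"
    for line in logical_lines(zone_text):
        fields = line.split()
        if not fields or fields[0].startswith("$"):       # blank line or $ORIGIN/$TTL directive
            continue
        if not line[0].isspace():
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                                   # optional TTL and class
        if fields:
            records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records


def check_zone_integrity(zone_text: str, origin: str) -> list:
    """Step 2: catch the problems that make dnssec-signzone fail or sign garbage."""
    recs = parse_records(zone_text)
    apex = {"@", origin.rstrip(".") + "."}
    problems = []
    soa = [r for r in recs if r[1] == "SOA"]
    if len(soa) != 1:
        problems.append(f"expected exactly one SOA record, found {len(soa)}")
    elif soa[0][0] not in apex:
        problems.append("SOA record is not at the zone apex")
    if not any(r[0] in apex and r[1] == "NS" for r in recs):
        problems.append("no NS record at the zone apex")
    for name in {r[0] for r in recs if r[1] == "CNAME"}:
        if any(r[0] == name and r[1] != "CNAME" for r in recs):
            problems.append(f"{name} has a CNAME alongside other data")
    seen = set()
    for rec in recs:
        if rec in seen:
            problems.append("duplicate record: " + " ".join(rec))
        seen.add(rec)
    return problems


def keygen_commands(origin: str, key_dir: str) -> list:
    """Step 3: one key-signing key (KSK) and one zone-signing key (ZSK) per zone."""
    return [["dnssec-keygen", "-K", key_dir, "-a", ALGORITHM, "-f", "KSK", origin],
            ["dnssec-keygen", "-K", key_dir, "-a", ALGORITHM, origin]]


def signzone_command(origin: str, zone_file: str, key_dir: str) -> list:
    """Step 4: smart signing (-S) picks the keys up from key_dir; output is <zone_file>.signed."""
    return ["dnssec-signzone", "-S", "-K", key_dir, "-o", origin, zone_file]


def named_conf_zone(origin: str, signed_file: str) -> str:
    """Steps 5 and 6: serve the signed file. BIND 9.16+ answers with the zone's
    DNSKEY/RRSIG records automatically; the dnssec-enable option of older releases is gone."""
    return f'zone "{origin}" {{\n    type primary;\n    file "{signed_file}";\n}};\n'


def deploy(zone_file: str, origin: str = ORIGIN, key_dir: str = KEY_DIR) -> str:
    """Run the steps end to end; returns the path of the signed zone file."""
    problems = check_zone_integrity(Path(zone_file).read_text(), origin)
    if problems:
        raise SystemExit("zone integrity problems: " + "; ".join(problems))
    for tool in ("named-checkzone", "dnssec-keygen", "dnssec-signzone"):
        if shutil.which(tool) is None:
            raise SystemExit(f"{tool} not found; install the BIND 9 utilities")
    subprocess.run(["named-checkzone", origin, zone_file], check=True)
    Path(key_dir).mkdir(parents=True, exist_ok=True)
    for cmd in keygen_commands(origin, key_dir):
        subprocess.run(cmd, check=True)
    subprocess.run(signzone_command(origin, zone_file, key_dir), check=True)
    signed = zone_file + ".signed"
    print(named_conf_zone(origin, signed))
    return signed


if __name__ == "__main__":
    import sys
    deploy(sys.argv[1])
```

Run it as `python deploy_dnssec.py /var/named/db.example.gov` and paste the printed stanza into `named.conf` before reloading. Two things the steps in the post leave implicit: the KSK's public key (its DS record) still has to be published in the parent zone before validators will trust the signatures, and because signatures expire, signing is not a one-off but a job that has to be re-run (or automated with BIND's `dnssec-policy`) before the RRSIG validity window closes.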

If you would like to read the full article on GCN you can do so here.

Thanks all, and we'll see you here next week in (fiscal) 2014!