Federal Friday - 12.13.13 - Phishing with Tumblr and Pricing for Worms

Blog post created by jschim (Employee) on Dec 13, 2013

Happy Friday fed friends! Another week comes to a close, leaving us with 12 days to finish up the holiday shopping. Word out of the North Pole is that Santa has a new tool to check who's been naughty or nice this year.


There have already been more than a few articles floating around with 2014 predictions for cyberthreats, and many of them, including this little ditty from GCN, tell a familiar yet slightly different tale. What most cybersecurity experts are saying, and I happen to agree with, is that the threat landscape heading into 2014 will be primarily made up of known targets, but the attacks will feature new tactics. The interesting thing that the GCN article highlights? Two new wrinkles in the threat landscape: Bring Your Own Cloud (BYOC) and wearable computers. Many of your employees currently use a variety of personal cloud services, whether through their PC or their mobile device, and will use these services with information from work. They aren't doing this with malicious intent but out of convenience, and in many cases they are unknowingly circumventing organizational cybersecurity standards. In addition to BYOD and BYOC, we are going to start running into the wearable computer issue sooner rather than later. Samsung has released Galaxy Gear this year, Google Glass is in beta, and Microsoft is also working on its own product. While this won't be a rush right away on the gen-one products, we will all see an influx of Star Trek-like devices walking through the door as they become part of the larger tech market.


On the Internet Storm Center site there are reports of phishing attacks utilizing a fake Facebook site that distributes malware through some odd Tumblr redirects. Remember this old story? You get a message from a friend saying that a crime has been committed against someone on your friends list, and that there are pictures of the perpetrator on a Tumblr page. The hook is that they need your help in order to ID the bad guys. Once an individual clicks on the Tumblr link they are redirected to a fake Facebook login screen, prompting them for their credentials, which are immediately compromised. I find this to be an interesting ploy given all the hysteria that was raised in the hours and days following the Boston Marathon bombings, where many members of the general public engaged in a crowd-sourced dragnet to help the authorities ID suspicious-looking people. Needless to say, this has caught some attention and has been an effective tactic. On another note, a new tool for attackers auto-registers Tumblr accounts by circumventing some of the defenses Tumblr has in place when a user registers an account. This gives the attackers the ability to use similar tactics across multiple social networks.

Now, one can go phishing without using worms, but for those sophisticated attackers there is a huge marketplace for them to acquire some of the rarest worms that are available, for the right price. Nextgov had a nice piece highlighting a report from NSS Labs on the "black market" for cyber arms, where an average of 85 exploits are being sold per day. Using some simple math (85 per day over 365 days), that equates to 31,025 exploits a year being sold through these boutique shops. Their customer lists include governments, intelligence agencies, the mafia, and many cyberterrorist organizations, with pricing models that range from pay-per-exploit options to a site offering 25 exploits a year for a $2.5 million lump sum payment.

The moral of this week's story? Rapid7 has decided to take a proactive approach heading into 2014. In January and February we are hitting the road and holding a half-day seminar, "Security at the Crossroads." This event will be led by various industry leaders and will help you better understand attackers, address the threats across various assets, monitor your security posture, and develop strategies that IT and executive teams can support. Click here to read more about it and find a location near you.