Cisco Blogs


Cisco Blog > Security

Big Data: Observing a Phishing Attack Over Years

google_drive_attack

Overview

Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sophistication in order to increase their success rate. Up until now, phishing attacks were generally viewed as isolated events that were dealt with on a case-by-case basis. The dawn of big data analysis in computer security allows us to store data indefinitely and watch the changes and growth of attacks over long periods of time. In 2012, we began tracking a sophisticated phishing campaign that is still going strong.

 

The Target

Google, one of the largest players in the cloud business, offers dozens of free cloud services: Google Email, Google Drive, Google Docs, Google Analytics, YouTube, etc. To enable easy access across all of these properties, Google built what they call, “One account. All of Google.”   Read More »

Tags: , , , , , , , , ,

The Dark Side of Technology

Cisco Champions ask Challenging Questions.  This is the third and final blog in our series presented by Carlos Dominguez and Jimmy Ray Purser. You can read the first blog by Carlos addressing connectivity and the less tech-fortunate here and the second blog by Jimmy Ray on the future of the CCIE here.

I recently had an opportunity to sit down with our Cisco Champions to discuss a range of topics and this was by far the most interesting question as it was inspired by high school students. High school teacher, Hector Albizo’s students wanted to know:

 “What is currently considered the dark side of technology?”

Indeed a great question!  Technology has a ying and yang.  For every good there is a dark side.  Let’s look at history to see examples.  The axe was created for chopping down trees, keeping us warm with fire wood and  building things, all good results that we benefit from.    On the dark side, it became a weapon of war.  The same trend is true for technology. Read More »

Tags: , , , , , ,

LexisNexis Breach Highlights Identity Theft Risks

Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun & Bradstreeet. Both of these organizations aggregate and sell consumer and business PII.

When PII is misrepresented, the experience for the true PII owner can range from unsettling to pure exasperation due to the fact that the victim’s virtual identity must be reclaimed and a consistently proven remediation roadmap still does not fully exist. A recent survey estimated that in 2012 over 12 million Americans were the victims of identity theft.

Fortunately, in addition to the standard PII definition a majority of states –such as California’s Penal Code §530.55 - now include credit card numbers and even computer media access control (MAC) addresses. The comprehensive definition and accompanying legislation is giving law enforcement the ability to charge suspects with identity theft and aggravated identity theft, but individuals still need to be aware of the risks and respond accordingly.

Below are five realistic almost universal U.S.-centric identity theft risk factors followed by guidance on proactively saving you those precious resources – time and money.

1. You don’t control your PII. Read More »

Tags: , , , , , , , , , ,