Cisco Blogs


Cisco Blog > Security

LexisNexis Breach Highlights Identity Theft Risks

Who are you? Removing the obvious existential questions for a minute, your identity is often represented as a bundle of personally identifiable information (PII). In the United States PII begins at birth with a name, date of birth, and social security number (SSN). This morning’s KrebsOnSecurity post details the unauthorized access of computer systems (via malicious code) at Lexis Nexis and Dun & Bradstreeet. Both of these organizations aggregate and sell consumer and business PII.

When PII is misrepresented, the experience for the true PII owner can range from unsettling to pure exasperation due to the fact that the victim’s virtual identity must be reclaimed and a consistently proven remediation roadmap still does not fully exist. A recent survey estimated that in 2012 over 12 million Americans were the victims of identity theft.

Fortunately, in addition to the standard PII definition a majority of states –such as California’s Penal Code §530.55 - now include credit card numbers and even computer media access control (MAC) addresses. The comprehensive definition and accompanying legislation is giving law enforcement the ability to charge suspects with identity theft and aggravated identity theft, but individuals still need to be aware of the risks and respond accordingly.

Below are five realistic almost universal U.S.-centric identity theft risk factors followed by guidance on proactively saving you those precious resources – time and money.

1. You don’t control your PII. Read More »

Tags: , , , , , , , , , ,

High Stakes Gambling with Apple Stock

Miscreants are always trying to put new twists on age-old schemes. However, I must admit that this latest twist has me slightly puzzled. Today, Cisco TRAC encountered a piece of stock related spam touting Apple’s stock, AAPL.

AAPL spam

Read More »

Tags: , ,

Watering-Hole Attacks Target Energy Sector

Beginning in early May, Cisco TRAC has observed a number of malicious redirects that appear to be part of a watering-hole style attack targeting the Energy & Oil sector. The structure consists of several compromised domains, of which some play the role of redirector and others the role of malware host.

Observed watering-hole style domains containing the malicious iframe have included:

  1. An oil and gas exploration firm with operations in Africa, Morocco, and Brazil;
  2. A company that owns multiple hydro electric plants throughout the Czech Republic and Bulgaria;
  3. A natural gas power station in the UK;
  4. A gas distributor located in France;
  5. An industrial supplier to the energy, nuclear and aerospace industries;
  6. Various investment and capital firms that specialize in the energy sector.

Encounters with the iframe-injected web pages resulted from either direct browsing to the compromised sites or via seemingly legitimate and innocuous searches. This is consistent with the premise of a watering-hole style attack that deliberately compromises websites likely to draw the intended targets, versus spear phishing or other means to entice the intended targets through illicit means.

Read More »

Tags: , , , , ,

The Phishing Grounds

On August 15, 2013, Brian Krebs featured a screen shot of a fake Outlook webmail login page used by the Syrian Electronic Army in a phishing attack against the Washington Post. If you look carefully at the location bar, you will note that the domain used in the phishing attack is ‘webmail.washpost.site88.net’.

Washington Post Phishing Attack Page

Read More »

Tags: , , ,

Syrian Electronic Army Continues Spree: Cracks New York Times, Twitter and Huffington Post

The Syrian Electronic Army continues to hammer away at media organizations.  This afternoon the Syrian Electronic Army appears to have compromised the registrar Melbourne IT which hosts the domains of notable media organizations like Twitter, The New York Times, and The Huffington Post.

Syrian Electronic Army cracks Melbourne IT Registrar

Read More »

Tags: ,