Speaking of Security – The RSA Blog and Podcast

It’s a new, exciting era for Trojan builders. The mobile space in 2012 is a vast, unchartered territory that attracts the talent and creativity of black hatters and malware writers like moths to a flame. If you think about it, the entire mobile security space has huge ‘Here there be monsters’ sections where the cartographers don’t really know what to draw. With its unique architecture, security platforms and operating systems, it’s a challenging, yet highly rewarding exercise.

A few months ago I had a conversation with a security professional working in a major US defense contractor. It was right after the attack on RSA. “Welcome to the club”, he said, “we’ve been hit by these APTs for years”.

In January 2010, at the turn of the decade, I wrote the following lines in my blog: “It will be an interesting decade from a cybercrime perspective. Employees are one of the weakest links in corporate security… The current defenses cannot suffice, and the industry must think of a new defense doctrine.” A lot of folks in the security space raised an eyebrow.

There is a lot of fraud in the “last minute” type of travel within the airline industry. But when you take a step back, you discover quite a lot of fraud in the industry exists in general, and it’s always interesting to think of what sort of cash-out options exist in the airline and hospitality categories.

I was on a tour in Asia Pacific when I first heard the news about the attack. The investigation into this attack continues but I’m eager to share some information with you about it. Let’s first make sure everyone is on the same page. The number of enterprises hit by APTs grows by the month; and the range of APT targets includes just about every industry. Unofficial tallies number dozens of mega corporations attacked; examples are in the press regularly, and some examples are here, and here.

The 1982 masterpiece Blade Runner by Ridley Scott is one of my old-time favorites. Harrison Ford chases androids in a futuristic, visually stunning Los Angeles. The future looks bleak, and technology advances did not make the human race any happier.

In this ZeusiLeaks file I’ll talk about how fraudsters tap the communications of a company’s executive board – the holy grail of inside info. Quick reminder: WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus and SpyEye lurk on millions of personal, corporate and government PCs, stealing data 24 by [...]

WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus lurk on millions of personal, corporate and government PCs, stealing data 24 by 7. Everything you do online – either private or work related – is sent to a mother ship halfway across the globe.

  OK folks, quick recap: if you think WikiLeaks is the largest leak of data the world has seen, think again. In fact, think two orders of magnitude bigger. Who needs a quarter of a million diplomatic cables, when we have the Zeus Trojan, most popular crimeware in the universe, sitting on millions of personal, [...]

I don’t know about you, but I was a bit disappointed with the whole WikiLeaks thingy. I mean, come on. The build up was brilliant: you would have thought we’ll finally have irrefutable evidence that a UFO landed in Roswell, that JFK’s assassination was indeed a CIA ploy, and that the 1969 moon landing was a NASA concocted hoax.