Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Enter the CyberWar

(A Day Late due to Travel)

If you’re paying attention to the War in Ukraine you’ve probably heard people talk about the cyber dimension of the conflict. This is just the latest skirmish in cyberwarfare, though some say it is the beginning of a new era of it.

Stuxnet wasn’t the first cyber operation, nor was it the first virus, but it’s notable because it was one of the first to destroy hardware, and because it was an operation linked specifically to the U.S.

Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted the automated controls in industrial control systems, causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked too well and ended up spreading globally.

Posted in Current Events, Informational, Research, Topic

Privacy in the Digital Age:

Roe v. Wade

Again, had a post planned and instead news caused a different post.

Even before the Supreme Court officially struck down the Roe v. Wade decision and sent reproductive health issues back to the states, there were stirrings questioning how the incoming changes might affect health apps and data collection.

Living in today’s world, people might not worry about how much of their information is readily collected or available. Perhaps they’ve resigned themselves to the fact that they can’t stop their data from being collected. Very little headway has been made in crafting any type of national privacy law, so it feels inevitable: online privacy is your own concern.

For months before today, reading through Twitter brought calls for women to remove period-tracking apps and to be more cognizant of how their data might be collected and, in the future, possibly subpoenaed as proof of some ‘reproductive crime’.

“Democrat lawmakers along with privacy advocates are now growing worried prosecutors in these anti-abortion states will use subpoenas to demand tech companies help them identify which users have visited an abortion provider.” -Michael Kan, PCMag.

I would definitely consider myself a privacy advocate. I think the majority of infosec people are concerned about privacy to some degree. It’s concerning that it really took something so dramatic to bring this conversation about data collection back to the foreground.

It can be proposed that perhaps we all just became too complacent in many ways…

How all this unfolds and develops is something to keep a definite eye on.

Posted in Informational, Topic

Phishing

Spam, Scams, and Being Targeted…

Regardless of whether you are the CEO of a Fortune 500 company or a blue-collar worker with a few hundred dollars in the bank, there is a price on your personally identifiable information (PII). The value of your information can range from the amount of money you currently have in an account, to the amount of credit extended on a card, to the usability of your credentials in escalated attacks. That’s not fear-mongering, it’s a fact. Information is a commodity, and your own information or the information you hold is worth something. Thankfully, phishing emails can be combated with just an increase in situational awareness and a few simple rules for handling email.

  • Look at the sender of every email, and check that the sender name matches the sender’s email address.
  • Be wary of all links and attachments. If an attachment is from a stranger, or is not something you expected from the sender, err on the side of caution and don’t download it without verifying with the sender (not through email).
  • Assume links are suspicious. This is simply the easiest way to avoid misdirection. If you need to check something on an account, don’t use the links in the email; go directly to the site by typing its address into the browser.
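The three rules above can be applied mechanically before a person ever opens the message. The script below is an added example, not code from the original post: it parses a raw message with Python's standard library, checks that a display name claiming a known brand sits on that brand's real domain, lists any attachments as items to confirm with the sender out of band, and flags links whose visible text names a different host than the one they point to, or that lead outside a set of trusted domains. The brand-to-domain table and both sample messages are constructed for the example.

```python
"""Mechanical checks for the three email rules, run over constructed sample messages."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical brands this reader does business with, mapped to the domain
# that legitimately sends their mail. Constructed for the example.
TRUSTED_BRANDS = {
    "example bank": "example-bank.com",
    "example payroll": "payroll.example.com",
}


def is_trusted(host):
    """True if host is one of the trusted domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_BRANDS.values())


def host_of(url):
    """Lowercase hostname of a URL, or '' if it has none (bare domains get a scheme)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def check_message(raw):
    """Apply the sender, attachment and link rules; return a list of (rule, detail)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Rule 1: a display name that claims a known brand must sit on that brand's domain.
    display, addr = parseaddr(str(msg.get("From", "")))
    addr_domain = addr.rpartition("@")[2].lower()
    for brand, domain in TRUSTED_BRANDS.items():
        if brand in display.lower() and addr_domain != domain and not addr_domain.endswith("." + domain):
            findings.append(("sender", f"'{display}' claims {brand} but the address domain is '{addr_domain}'"))

    # Rule 2: every attachment is something to confirm with the sender outside email.
    for part in msg.iter_attachments():
        findings.append(("attachment", f"'{part.get_filename()}' was not expected; verify by phone, not by email"))

    # Rule 3: links whose text names one host but point to another, and links to
    # hosts we do not recognise, should be typed into the browser instead of clicked.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for text, href in collector.links:
            target = host_of(href)
            shown = host_of(text) if "." in text and " " not in text else ""
            if shown and shown != target:
                findings.append(("link", f"text shows '{shown}' but points to '{target}'"))
            if not is_trusted(target):
                findings.append(("link", f"'{target}' is not a known site; type the address directly"))
    return findings


# Constructed sample: a lookalike domain in both the address and the link target.
PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank.co>
To: user@example.org
Subject: Unusual sign-in, verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Please verify at
<a href="http://login.examp1e-bank.co/verify">https://example-bank.com/login</a>
before your account is locked.</p></body></html>
"""

# Constructed sample: a notice sent from the bank's real domain.
GENUINE = """\
From: "Example Bank" <alerts@example-bank.com>
To: user@example.org
Subject: Your monthly statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://online.example-bank.com/statements">Sign in</a> to view it.</p></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("GENUINE", GENUINE)):
        print(label, check_message(raw))
```

Running it reports one sender finding and two link findings for the lookalike message and nothing for the genuine one. The link rule deliberately reports any unrecognised host rather than trying to judge it, which is the script's version of "assume links are suspicious".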
References
More Examples of Phishing Emails
Glossary
  1. Phishing – Crafted, usually mass-sent emails used to try to garner information from the targets. These are usually not well crafted and can be automated. Also a broad term that encompasses spear-phishing and whaling.
  2. Spear-phishing – An email attack targeted at certain people, persons, or groups. These emails are better crafted and try to use publicly available information to build the message.
  3. Whaling – An even more targeted attack than spear-phishing, which casts an even smaller “net” targeting CEOs, COOs, and other upper-management accounts.
  4. Social Engineering – Broad term for attacking the “human” element of organizations. This type of attack uses human nature to try to get information or gain access. Phishing falls under social engineering as an attack type.
  5. Situational Awareness – Staying calm in the moment in order to analyze what is happening around you.
  6. Spoof[ing] – Imitation; pretending or purporting to be an entity that one is not.