IRISSCon 2014 Recap

Last week we had the pleasure of speaking at the 6th Irish Reporting and Information Security Service Computer Emergency Response Team (IRISSCERT) Cyber Crime Conference (IRISSCon) in Dublin, Ireland. IRISSCERT is an independent, not-for-profit company, limited by guarantee, founded in 2008 to provide a range of free information security services to Irish businesses and consumers, helping to counter the security threats posed to Irish businesses and the Irish Internet space.

In addition to presenting a talk on the threats ...

3 Simple Steps towards Safer Browsing

Security in layers

This blog was going to be a continuation of my last blog, “Does Your Domain Have Bad Neighbors?”, but instead I would like to take a few minutes to cover something else that people have been asking me about recently. Oftentimes I get questions along the lines of “What are some things I can do to help protect myself even more from security threats?”

Security should be thought of in terms of layers. The more layers you add, ...

Data Mining Deep Dive into DarkHotel Domains

DarkHotel is a cyber espionage campaign targeting well-known corporate executives and political leaders in Malaysia, Japan, India, and other countries. What is fascinating about this particular syndicate is its advanced skill set and its ability to leverage high-level penetration techniques to accomplish its goal (e.g. a kernel-mode keylogger, reverse-engineered certificates, and 0-day exploits).

In addition, after successful exfiltration of the targeted data, they are able to remove any trace of their existence from the network, making it much harder for ...

WireLurker and Its Patterns

More than a week ago, Unit 42 of Palo Alto Networks revealed the existence of WireLurker, an iOS-specific trojan capable of capturing sensitive user data. This blog post will look at a month’s worth of DNS traffic history to the two sites associated with WireLurker.

WireLurker was delivered to the user via unsanctioned third-party apps. The WireLurker network infrastructure was composed of two components – a delivery mechanism and a command and control (C2) server. The authors of ...

One Phish, Two Phish, Red Phish, Your Account Details Just Got Stolen.

I woke up one morning and checked my phone, like I do every morning, to see what was happening in the world while I was sleeping. I noticed that I had a few alerts from my bank. Cool. What couldn’t wait until morning, bank? Well, it turns out that someone that wasn’t me had overdrawn my account at an American Eagle Outfitters somewhere in Iowa.

“We would like you to authorize these charges. Did you spend $300 at American ...