Security Blog

Waylon Grange's picture
Written by
Waylon Grange

A team of researchers from a number of universities, including my own alma mater, recently released a paper outlining yet another cryptographic attack. This time the attack is against the Diffie-Hellmann key exchange used in many modern protocols including TLS, SSH, and many VPN servers.

Chris Larsen's picture
Written by
Chris Larsen

This was going to be another "block this whole Top-level Domain" post in our recent series, as ".ninja" had begun showing up on my personal radar, and I'd also seen it on our list of TLDs with high percent

Andrew Brandt's picture
Written by
Andrew Brandt

We're so often flooded with news about novel attacks involving bespoke zero-day vulnerabilities or highly targeted campaigns operated by nation-states that it can be hard to remember not every cybercriminal is some kind of super genius. In fact, a significant percentage fall into the Wile E. Coyote category of "determined, but throws roadblocks in his own way, threat actor."

This past Friday, I received yet another example of what has to be one of the most elaborately complex, Rube Goldberg-esque malware installation process ever conceived. It's so ridiculously elaborate, I had to diagram it.

But to say that this method -- involving a Macro-enabled Microsoft Word document -- is overly complex, fraught with multiple opportunities for failure, and frankly pretty weird does not mean that the attack isn't effective.

To the contrary: The attack mechanism, when nudged along by a compliant victim (or a motivated security analyst), functions remarkably well, despite its questionable pedigree. I've been following this infection mechanism for several months. While bits and pieces have changed over time, the overall flow of the process has remained relatively static, which indicates to me that at least some victims are playing along right until the end. And the eventual payload, Trojan-Dyre, is not something to treat lightly. But the attack itself is so pointlessly complicated that it makes me question the sanity of its creator.

Snorre Fagerland's picture
Written by
Snorre Fagerland

Article has been updated. See additional information towards the end.

 

Kiel Wadner's picture
Written by
Kiel Wadner
"An anomaly is any variation from the baseline— and what we are primarily searching for is anomalies. Anomalies are things that either do not happen but should, or that do happen but shouldn’t. During any situation, we expect certain things to happen and not to happen.",
Chris Larsen's picture
Written by
Jeff Doty

[Nice post by Jeff in our internal blog from a couple of weeks ago. It got a bit lost in the activity around RSAConference last week, so we're rectifying that today. We regularly get inquiries from people about why we have a Suspicious rating on ExcelForum.com, so we thought it would be a good idea to explain what's going on. --C.L.]