Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack. 

Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself clarifying why I don't find the APT buzzword particularly useful (hat tip to SC Magazine UK's Dan Raywood for turning my thoughts in that direction).

Randy Abrams subsequently raised another point worth thinking about, though. Rivner's blog classifies the targeted attack as spear-phishing, and like a number of other commentators, I've taken his word for it.

In fact, while we learn from the RSA blog that a victim was tricked into retrieving targeted mail from the junk folder and opening a spreadsheet poisoned with an Adobe Flash exploit (the vulnerability is now patched), we don't know enough about the actual content of the email to know whether it qualifies as phishing  of any sort, though it clearly used effective social engineering.

Does it matter? Maybe not, but it's kind of exasperating that RSA is apparently better at not leaking information about the leak than it was at not leaking whatever was leaked originally.

Guess where I need to go after that sentence? It was a bit like standing next to a waterfall...

David Harley CITP FBCS CISSP
ESET Senior Research Fellow