We have removed all personal information from our website, including the names and details of our partners, contractors, employees and clients. We believe that the loss of the personal touch is outweighed by the safety and trust of our clients.
The reason is that criminals commonly approach their targets indirectly, through third parties such as service providers. That makes us a prime target for anyone wishing to reach the “jewels” of our clients, especially since our clients tend to be large organizations in the retail and financial sectors.
We simply think it is poor practice to make information so readily available to those who would misuse it. That being said, our marketing people are NOT happy. However, we are willing to appear less personal and risk losing some business presence. Once you are a client you will have access to your team.
Here is a typical attack process. In a recent report, the antivirus firm McAfee provided an analysis of a specific targeted attack. That report, along with other findings such as those of the U.S.-China Economic and Security Review Commission, can be summarized in the following steps:
- Reconnaissance: An APT actor will seek to find individuals who may be a viable conduit into the targeted organization. APT actors use information available on an organization’s website, partner websites and social media sites to build an organization chart. They may also use business cards, conference registration information or information obtained from a previous compromise. Emails and instant messages may also provide targeting information. These sources may also yield details of an organization’s objectives, projects, contracts, partners and customers, which are used to craft convincing social engineering attacks. In some targeted attacks, an employee may even be recruited or blackmailed into providing access.
- Social engineering and targeted malicious code delivery: Using the information obtained during reconnaissance, the APT actor may send emails to specific individuals within the organization. These emails may appear to originate from a known or trusted source, may carry a subject line and text relevant to the recipient, and may even contain a valid signature block. They typically contain an attachment or web hyperlink that, when opened, attempts to compromise the recipient’s workstation. The attachment may be a genuine document from the organization or a partner that has been modified to carry malicious code (i.e. trojanized). In many reported cases, the malicious code exploited a vulnerability for which a vendor patch was already available.
- Establish a covert backdoor: Once a system has been compromised, the APT actor may attempt to gain elevated privileges. The actor may move laterally through the network and install additional malicious code wherever this can be done without raising suspicion or triggering alarms. Delays may be introduced so that the pre-configured external infrastructure awaiting connections from compromised hosts is not contacted all at once, which would make it easy to identify.
- Establish command and control infrastructure: Once sufficient privileges have been obtained, the APT actor may install additional tools, such as keyloggers and remote administration tools (RATs), and establish an encrypted communications path to the command and control infrastructure.
- Achieve objective: Depending on the objectives, the APT actor may exfiltrate information, modify documents or take control of critical systems. Most reported compromises attributed to APT actors have resulted in data exfiltration. A search for files likely to contain the targeted information, such as office documents and emails, may be conducted, and the results transferred to an exfiltration point, or staging server, inside the compromised network. This server is often chosen among hosts that normally carry high volumes of traffic, to avoid suspicion and to limit the number of channels to the external command and control infrastructure. Files of interest are generally compressed and encrypted before being exfiltrated.
- Maintain presence: Once the targeted information has been exfiltrated, the APT actor may undertake considerable effort to maintain a long-term presence. This may include minimizing command and control communications, re-compromising restored systems, updating installed malicious code to evade antivirus detection, and monitoring systems for new passwords and other changes. Techniques such as rootkits installed via trojanized binaries, registry modifications and Windows services are used to keep that presence hidden.
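The “compressed and encrypted before being exfiltrated” detail in the objective stage above is something a defender can actually test for on a suspected staging host. The following Python script is an added example, not code from the original post or from the company: it triages a file body into readable document content, an archive with a recognisable header, or a headerless near-uniform blob of the kind an encrypted bundle produces. The format-signature table, the 7.0 bits-per-byte threshold, the filler text and the SHA-256 keystream “encryption” (a stand-in for a real cipher so the example needs only the standard library) are all assumptions and constructed data.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

# Signatures (assumed list) of common archive/compression formats. A staged
# bundle that was only compressed still opens with one of these; a bundle
# that was encrypted afterwards normally carries no recognisable header.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\xfd7zXZ\x00": "xz",
    b"\x78\x01": "zlib",
    b"\x78\x9c": "zlib",
    b"\x78\xda": "zlib",
}

HIGH_ENTROPY_BITS = 7.0  # assumed triage threshold; tune per environment


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_container(data: bytes):
    """Name of the format whose magic bytes open `data`, or None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes) -> str:
    """Triage verdict for one file body found on a staging host or in transit."""
    fmt = known_container(data)
    if fmt:
        return "compressed:" + fmt
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        # Near-uniform bytes with no header: the profile of an encrypted
        # (typically compressed-then-encrypted) exfiltration bundle.
        return "opaque-high-entropy"
    return "plaintext-or-structured"


# --- constructed sample data, not real captures -----------------------------

def build_plaintext(nbytes: int = 16384) -> bytes:
    """Deterministic English-like filler standing in for an office document."""
    words = ("quarterly revenue forecast merger contract partner invoice "
             "retail bank client project schedule budget memo draft").split()
    rng = random.Random(7)
    out, size = [], 0
    while size < nbytes:
        word = rng.choice(words)
        out.append(word)
        size += len(word) + 1
    return " ".join(out).encode()


def toy_stream_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Only a stand-in for a real cipher
    so the example needs nothing beyond the standard library; not for real use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def scan_samples() -> dict:
    """Classify three constructed bundles: raw document, compressed, compressed+encrypted."""
    doc = build_plaintext()
    packed = zlib.compress(doc)
    sealed = toy_stream_encrypt(packed, b"example-key")
    return {name: classify(blob)
            for name, blob in (("doc", doc), ("packed", packed), ("sealed", sealed))}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{name:7s} -> {verdict}")
```

Running the script prints one verdict per constructed bundle. In practice the same `classify` call would be applied to files found on a suspected staging host, or to reassembled bodies of large outbound transfers. Treat it as a triage signal rather than proof: legitimate TLS traffic, media files and real archives are also high-entropy, so a headerless high-entropy body is worth investigating when it sits on a host or leaves toward a destination that has no business carrying such data.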
We have also deployed additional security on the website, which includes:
- The site is served over SSL/TLS at https://stratetel.com
- Daily scans for malware with automatic removal
- All software is automatically updated, even when that causes some usability issues
- An advanced web application firewall
- DDoS protection
- Daily vulnerability scans
- Attack identification and prevention
We also deploy social traps in our organization, so that some of the information an attacker gathers about us is bait, and using it may actually lead to the perpetrator being caught.
Encrypted email is available on request.
When these practices cause some inconvenience, I hope you will understand that YOUR security is of great concern here.
Note: this post is also reproduced on our security page.