• Cyber Counterintelligence Blog - Speartip

SpearTip Blog

SpearTip’s blog provides insight and information about cyber security and counterintelligence related news and events that are of strategic importance to leadership within these sectors.

About SpearTip:

SpearTip, LLC Is A World Class Cyber Security & Counterintelligence Firm.We offer incident response, malware detection, managed security services, MSSP, penetration testing, enterprise risk management, zero day malware analysis, gap analysis and digital forensics services through the US, and in select foreign countries.

BrickerBot & Phlashing your IoT

Malware Aims to Brick IoT Devices

Home automation is a growing trend, and as smart technology evolves so does the consumer’s in home use for it. We have smart devices everywhere: TVs, refrigerators, washers, driers, even light bulbs, just to name a few items that ultimately comprise the Internet of Things (IoT). However, as we have seen in the headlines this year with Amazon’s Echo, these devices can fall prey to unintended use that could be exploited by hackers costing you time and even worse, a hefty hit to the wallet.

Introduction to Phlashing

You may have heard of phishing or vishing at some point in your career or from the network security team at your organization. These two methods are related to social engineering attacks, but phlashing is a relatively new term that has nothing to do with social engineering and everything to do with denial of service (DoS) attacks. More →

Importance of Secure Cloud Storage For Business

Why Secure Cloud Storage Is A Necessity For Business Information & Customer Data

secure cloud storageImplementing Secure Cloud Storage strategies is becoming a necessity.  Storage of business information and customer data is growing in popularity. The benefits of cloud storage seem to far outweigh the risks, making cloud storage an attractive solution. Among the main advantages are drag and drop file transfers, file accessibility from any device, cloud file linking capability, off site storage for disaster recovery and the relatively inexpensive cost of cloud storage. But, when choosing a cloud storage solution for corporate use, understanding the hidden risks is essential.

Does your corporate cloud storage satisfy the core principles of an effective information security program? Can it ensure the confidentiality, integrity and availability of your business information and customer data? If your organization has, or is planning to, implement Dropbox, AWS, Azure, Office365 or similar cloud storage solution, please consider the information below carefully before making your decision.  More →

Tips for Protecting Health Information From Zero Day Malware Attacks

Zero Day Malware Attacks – How To Protect Health Information Before It’s Too Late

By: Jarrett Kolthoff

zero day malware health informationZero Day malware is a ticking time bomb, prepared to wreak havoc upon unsuspecting health care facilities, administrators, practitioners, and patients. This malware can reside undetected in health information systems for weeks, months, and even years. Then, it happens. Zero Day malware exploits an unknown software vulnerability or a vulnerability for which the developer has not yet released a patch. While the affected healthcare company may have been diligent about compliance, with a Zero Day malware attack, compliance just isn’t enough to protect health information .

How can your health information company reinforce its Zero Day malware defenses? More →

Cyber Kill Chain

The term “Cyber-Kill Chain” has been used in various corners of the cyber security world to describe the different stages of a compromise. The Cyber-Kill Chain is an all-encompassing descriptive model which outlines seven steps typically taken by attackers during the course of a breach. The Cyber-Kill Chain includes actions taken before an attack such as reconnaissance, through post breach steps including data exfiltration. The Cyber-Kill Chain model is optimized when used by a technically competent analyst, who understands investigative processes and maintains relevant technical proficiencies. Information is useful only when placed in the hands of capable professionals that can effectively evaluate it, and ultimately make effective decisions based on experience, aptitude, and ability.

More →

Fusion Cell

Fusion cell analysis is a time-tested, effective method to collect, analyze, and collaborate information from numerous sources to develop a thorough and complete threat picture. Fusion cell analysis is designed to test theories against numerous sources of information, to produce a fully evaluated and functional product.

More →