[liberationtech] Foxacid payload

coderman coderman at gmail.com
Tue Jul 22 01:48:27 PDT 2014


On Fri, Jul 18, 2014 at 12:22 PM, Denis 'GNUtoo' Carikli
<GNUtoo at no-log.org> wrote:
> ...
> If the adversary loses one exploit each time he attacks someone, then...

perhaps someone to help answer the question is Google, if they felt inclined.

per "re:publica 2014 - Morgan Marquis-Boire: Fear and Loathing on the Internet"
 - https://www.youtube.com/watch?v=bOK_KAXbTe8
(better archive?)

at one point most large media organizations (21 of 25) received
targeted malware through email.  most of that is weaponized-unpatched,
not weaponized-0day[s].

Google has implemented both more prominent notifications to warn users
directly, and published research on hacking by governments with
HackingTeam, Gamma, etc. publicly.

it would be interesting for Google to report specifically 0day attack
trends, past and current, to determine if they've successfully moved
the more advanced attacks to other mediums of communication outside
their purview.

---

using a different reference,

it is difficult to get a sense of how the detection landscape has
changed for TAO- and JTRIG-like groups, as the leaks only indicate that
attacks are almost always successful, and presumably that also means
undetected. out of 100,000s of implants, only dozens have been identified and
dissected by research groups or anti-virus companies.

one trend is clear, which is away from email attachments or click bait
toward in-line attacks on downloads, updates, browser software, chat
clients, and other attack surfaces.


best regards,


