Phishing emerges as major corporate security threat
Break-ins at Oak Ridge, RSA, others show that the 'low-tech' phishing attacks can have bad consequences
Computerworld - The successful use of phishing emails to breach secure organizations like Oak Ridge National Laboratory and RSA are stark reminders of the serious threat posed by what some experts have dismissed as as a low-tech method of attack.
Oak Ridge, a U.S. Department of Energy-run research lab, this week disclosed it had shut down all Internet access and email services after discovering a sophisticated data stealing malware program on its networks.
According to the lab, the breach originated in a phishing email that was sent to about 570 employees. The emails were disguised to appear as notes about benefits changes written by the lab's HR department. When a handful of employees clicked on the embedded link in the email, a malware program was downloaded onto their computers.
The malware exploited an unpatched flaw in Microsoft's Internet Explorer software, and was designed to search for and steal technical information from Oak Ridge, whose engineers are in the midst of an effort to build the world's fastest supercomputer.
A Oak Ridge official described the attack as being very similar to one that hit security vendor RSA last month.
That incident resulted in the theft of information about RSA's SecurID two-factor authentication technology. And a breach at Epsilon earlier this month, said to be the largest ever involving email addresses, is also suspected to have been caused by a targeted phishing campaign.
That hackers are able to penetrate such presumably well-protected organizations using low-tech, fake email methods points to the growing sophistication of targeted phishing campaigns and the continued tendency by enterprises to think that user education alone will mitigate the problem, analysts said.
"It doesn't surprise me at all," said Anup Ghosh founder of security firm Invincea. "Almost every publicized and self-declared Advanced Persistent Threat (APT) attack this year has been through phishing emails."
Such emails, in fact, now appear to be the preferred method for illegally breaking into corporate networks, he said.
"All you need to do is to get an email to a target. You only need a very low click through rate to establish several points of presence inside an organization," Ghosh said. "If you have 1,000 employees in your organization and you train them all on not opening untrusted attachments, you'll still have someone doing it. This is not a problem you can train yourself out of."
Exacerbating the issue is the growing sophistication of phishing campaigns, analysts note.
Increasingly, organized cybergroups have started using convincingly crafted emails to target high level executives and employees within the organizations they want to attack. In many cases, the phishing emails are personalized, localized and designed to appear like they originated from a source trusted.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!