Second DOE lab is likely victim of spear-phishing attack
Pacific Northwest National Laboratory has yet to restore email, Internet service five days after attack.
Computerworld - The Department of Energy's Pacific Northwest National Laboratory (PNNL) is working on restoring Internet connectivity and email services after being hit by a "sophisticated cyberattack" five days ago.
It is not immediately clear if the attack resulted in any data being stolen or compromised. A lab spokesman did not immediately respond to a request for comment, but a message on the spokesman's voicemail noted that Internet and email services were down because of a sophisticated attack.
PNNL which is funded by the Energy Department and managed by Battelle, conducts research in areas such as information security, nuclear non-proliferation and counterterrorism. As of Wednesday afternoon, PNNL's main website at www.pnnl.gov was unreachable. An error message noted the site was down due to "system maintenance."
According to several media reports, PNNL, based in Richland, Wash., discovered the attack July 1 and moved immediately to suspend email services and to disconnect itself from the Internet.
Those actions suggest that the PNNL was likely a victim of a spear-phishing attack in the same manner that the Oak Ridge National Laboratory (ORNL) in Tennessee was a few weeks ago, said Anup Ghosh, founder and chief scientist of security vendor Invincea.
Oak Ridge, which is also a DOE lab, took identical measures after discovering someone attempting to pilfer data out of its networks in April. According to the laboratory, the breach resulted when some employees clicked on a malicious link in a spear-phishing email message.
The email message, which appeared to have originated from ORNL's human resources group, infected a handful of computers with a sophisticated data stealing Trojan. The malware exploited an unpatched flaw in Microsoft's Internet Explorer software, and was designed to search for and steal technical information from Oak Ridge.
Though PNNL has not said how it was attacked, chances are that it too was felled by spear-phishing, Ghosh said.
Spear-phishing attacks involve the use of emails that are personalized, localized and designed to appear like they originated from someone the recipient knows and trusts. The emails look authentic and are typically targeted at high-level executives or employees with privileged access to corporate systems and data.
Despite heightened awareness and better employee training, about 5% to 20% of spear-phishing emails still get opened, Ghosh said. Often, all it takes for the attackers to succeed is one compromised desktop, he said.
"What they are after is not that user machine. They simply use it as a beachhead from which to move inside the network," he said. Once inside a network, attackers usually are able to move with the level of access that the compromised user has. "There tend not to be any barriers," Ghosh said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt. All Malware and Vulnerabilities White Papers | Webcasts