Second DOE lab is likely victim of spear-phishing attack
Pacific Northwest National Laboratory has yet to restore email, Internet service five days after attack.
Computerworld - The Department of Energy's Pacific Northwest National Laboratory (PNNL) is working on restoring Internet connectivity and email services after being hit by a "sophisticated cyberattack" five days ago.
It is not immediately clear if the attack resulted in any data being stolen or compromised. A lab spokesman did not immediately respond to a request for comment, but a message on the spokesman's voicemail noted that Internet and email services were down because of a sophisticated attack.
PNNL, which is funded by the Energy Department and managed by Battelle, conducts research in areas such as information security, nuclear non-proliferation and counterterrorism. As of Wednesday afternoon, PNNL's main website at www.pnnl.gov was unreachable. An error message noted the site was down due to "system maintenance."
According to several media reports, PNNL, based in Richland, Wash., discovered the attack July 1 and moved immediately to suspend email services and to disconnect itself from the Internet.
Those actions suggest that PNNL was likely a victim of a spear-phishing attack, just as the Oak Ridge National Laboratory (ORNL) in Tennessee was a few weeks ago, said Anup Ghosh, founder and chief scientist of security vendor Invincea.
Oak Ridge, which is also a DOE lab, took identical measures after discovering someone attempting to pilfer data out of its networks in April. According to the laboratory, the breach resulted when some employees clicked on a malicious link in a spear-phishing email message.
The email message, which appeared to have originated from ORNL's human resources group, infected a handful of computers with a sophisticated data-stealing Trojan. The malware exploited an unpatched flaw in Microsoft's Internet Explorer software and was designed to search for and steal technical information from Oak Ridge.
Though PNNL has not said how it was attacked, chances are that it too was felled by spear-phishing, Ghosh said.
Spear-phishing attacks involve the use of emails that are personalized, localized and designed to appear as though they originated from someone the recipient knows and trusts. The emails look authentic and are typically targeted at high-level executives or employees with privileged access to corporate systems and data.
Despite heightened awareness and better employee training, about 5% to 20% of spear-phishing emails still get opened, Ghosh said. Often, all it takes for the attackers to succeed is one compromised desktop, he said.
"What they are after is not that user machine. They simply use it as a beachhead from which to move inside the network," he said. Once inside a network, attackers usually are able to move with the level of access that the compromised user has. "There tend not to be any barriers," Ghosh said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.