On July 14, 2011, during a speech introducing the Pentagon’s new cybersecurity strategy, Deputy Defense Secretary William J. Lynn, III disclosed that 24,000 files had been lost to “foreign intruders.” Lynn said the files contained some of the U.S.’s “most sensitive systems, including aircraft avionics, surveillance technologies.”
How could this happen? FastCompany reports that this was accomplished using a spear-phishing email to deliver an email payload with a zero day exploit. The malicious email was sent to a defense contractor, rather than the Department of Defense. The key to a successful spear-phishing attack is creating a highly personalized email that will deceive the recipient into taking the call to action. Employees of defense contractors were targeted because it is easier to mine the internet for useful personal data (needed to craft a highly targeted spear phishing email) about contractor employees than government employees.
The spear-phishing email delivered a zero day exploit. A zero day exploit is a new loophole in the security system that is unknown, and therefore available to compromise systems. For example, an email purporting to be from HR or a colleague contains an attachment that appears highly relevant. When the attachment is opened, malware is installed on the recipient’s computer by using the zero day exploit.
Traditional security methods can’t detect and stop low volume, highly targeted spear-phishing email and training isn’t effective – so what can be done to defend the enterprise against spear-phishing? The enterprise can adopt a tool that identifies trusted email so that the target of the spear-phishing attack can distinguish real email from fake email. That tool is SP Guard from Iconix.
SP-Guard provides the recipient with three confirmations that a message is real:
- List View. There is an integrity indicator in the list view of the email client.
- Message. The open message has a further indicator of authenticity.
- Mouseover. Mousing over the authentication indicator in the message prompts the display of a certificate that further identifies the sender.
SP-Guard is available now from Iconix. For further information, contact our sales team. At 408-727-6342, ext 3 or use our online form.