On June 14, 2012, Mark Weatherford, DHS’s deputy under secretary for cybersecurity, provided at least the third formal cybersecurity presentation to the United States Senate. The demonstration was part of the Obama Administration’s efforts to pass cybersecurity slated to come to the Senate floor in the next three weeks. This demonstration again focused on a spear phishing attack against the Homeland Security Department. The demonstration reflected the reality of the recent attack against the U.S. Natural Gas Pipeline infrastracture.
Secretary Weatherford said the purpose of the demonstration was not to scare Senators and staff, but to enlighten them about how easy it is to conduct a spear phishing attack. Weatherford’s team from the U.S. Computer Emergency Response Team (U.S. CERT) used free open source tools found on the Internet. Weatherford explained the demonstration:
Anyone can do them. Many of them are point and click. It’s to use a very simple spear phishing attack, craft an email, get someone to open and email. The email then compromises the computer, gives the attacker control of that computer to do whatever he wants on that computer, download files, violate the integrity of files and use that computer as a pivot point to go somewhere else. These are very common techniques and tactics that are used to do these kinds of things.
In less than five minutes, the demonstration showed how an attacker could attach malicious code to a PDF document — in this case a copy of the pending cybersecurity legislation — and send a fake email that seemed to go from a manager to an employee at DHS. When the victim opened the attachment, the victim’s computer was compromised. The demonstration showed how the attacker was able to get the victim’s passwords and then was able to download, delete, upload and change files. The hacker could turn on the computer’s microphone and record audio, and turn on the PC’s Web camera. You can see a similar demonstration at Spearphishing – The Movie.
Homeland Security officials said agencies can protect themselves by updating software patches often, which look for certain known attack codes in attachments. You can hear an interview with Secretary Weatherford at FederalNewsRadio.com.
Keeping your software patched is important. However, patches work against known malware, not new zero day exploits. At Iconix we believe prevention is also important. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. Click here to learn more.