Spearphishing? Deciding Isn’t Easy

Part of the fallout from the Office of Personnel Management (OPM) data breach is the need to provide identify protection services to the millions of compromised government employees. In its efforts to provide these services to compromised federal workers, the OPM contracted with a private company.  That contractor, CSID, sent an email with a link to enroll in identity protection services.

ArmyTimes reports that acting upon warnings from the Army Threat Integration Center, Fort Meade’s Cyber Security Network Defense Team identified a message from CSID as a spearphishing attempt. The Fort Meade Cyber Security Network Defense Team warned Army personnel to “close the message immediately and report it as spam to the Cyber Security Network Defense Team,” according to a warning posted on the Fort Meade Facebook page.

The message has lots of spearphishing red flags to trigger a warning, but it was real.

Learn more at our new blog.

Yesterday, Aaron Boyd, a reporter at the Federal Times, wrote that someone tried to plant malware on his system through the use of a fake State Department email. Mr. Boyd wrote that he was able to determine that this attachment was being used to attempt to infect his system.

Fake Email Fax

What is unusual about this incident wasn’t the attack — it was the response of the intended victim. Mr. Boyd’s very careful approach to email is laudable — but it is also unusual.  Also yesterday, Ilia Kolochenko, writing in CSO, wrote about ease with which people can be tricked with fake emails.

Learn more at our new blog.

 

OPM – OMG! Update 2

OMP Director Katherine Archuleta resigned last week in the wake of the loss of millions of personnel records.

Here’s the latest tally of lost records according to the Washington Post:

Of those whose data was in the OPM background-check system, 19.7 million had applied for a security clearance. An additional 1.8 million were spouses, family members and other non-applicants, officials said.

Also exposed were 1.1 million sets of fingerprints, detailed financial and health records, and computer usernames and passwords that applicants used to fill out their security-clearance forms online.

Meeting with reporters last Thursday, FBI Director Comey said,

It is a very big deal from a national security perspective and from a counterintelligence perspective. It’s a treasure trove of information about everybody who has worked for, tried to work for, or works for the United States government.

No one is saying how the hack was pulled off. In a speech last week, Jeh Johnson, Secretary of Homeland Security, observed,

What amazes me when I look into a lot of intrusions, including some really big ones by multiple different types of actors, it often starts with the most basic active spear-phishing where somebody is allowed in the gate and penetrates a network simply because an employee clicked on something he or she shouldn’t have.

Secretary Johnson

How do you keep people from clicking on something he or she shouldn’t have? That is where SP Guard from Iconix comes into help defend against spearphishing by providing employees with visual trust indicators, helping them tell real emails from clever attacks.

OPM – OMG! Update

OPM director Katherine Archuleta told the Senate  and the House Oversight and Government Reform Committee that stolen passwords for a federal contractor were used by hackers in the two cyberattacks targeting federal employee data.

 

Learn more at our new blog.