Wednesday, June 29, 2011

Military Personnel To Be Spear Phished

Gannett, the publisher DefenseNews, the highly regarded military and defense news website, was hacked into. Hackers stole contact information of current and retired defense contractors and military personnel:

On June 7, 2011, the Gannett Government Media family of websites suffered a cyber attack that resulted in some users being unable to access parts or all of the websites. We also discovered that the attacker gained unauthorized access to files containing information of some of our users. The information in those files included first and last name, userID, password, email address, the internal number we assigned to the account, and, if provided, ZIP code, duty status, paygrade, and branch of service.

This contact information is very useful to launch customized phishing attacks, also known as spear phishing attacks, which have a higher success rate. In fact, spear phishing attacks coupled with zero day vulnerabilities led to some of the biggest hacks of very large entities that had seemingly been impenetrable due to the adoption of security software. It turns out that the security software that was adopted and breached were using "old" technologies. It is important to always keep one step ahead of the bad guys. They will never give up. Security should not be looked at as a cost in the IT department, but as important as the brand value. We only know the value of fire retardants and extinguishers after the house has burned down.

No comments:

Post a Comment