[ISN] Phishing: Consumer Education Lacking

From: InfoSec News <alerts_at_private>
Date: Tue, 26 Apr 2011 01:58:10 -0500 (CDT)
http://www.bankinfosecurity.com/articles.php?art_id=3571

By Tracy Kitten
Managing Editor
Bank Info Security
April 22, 2011 

The Oak Ridge National Laboratory, located in Tennessee, recently 
disconnected Internet access after hackers attacked employees at the 
federal facility. On April 7, a spear phishing e-mail, feigning to be 
from human resources, was sent to 530 of the lab's 5,000 employees. The 
e-mail included a malicious link that exploited an Internet Explorer 
vulnerability, automatically downloading malware to PCs when opened.

The lab referred to the hack as a "sophisticated" attack, similar to the 
advanced persistent threat that in March hit RSA. Fifty-seven employees 
reportedly fell victim.

The lesson here: Spear phishing is quickly emerging as one of the 
cyberworld's greatest threats. On the heels of the highly publicized 
Epsilon e-mail breach, which is known to have affected more than 100 
companies and brands, the Oak Ridge incident proves e-mail security 
risks far exceed what most industries are prepared to handle, says Neal 
O'Farrell, executive director of the Identity Theft Council, a 
grassroots support network for victims of identity theft. The council, 
established in late 2010, comprises a national network of partnerships 
between local law enforcement, financial institutions, businesses and 
volunteers. "I got calls from a number of credit unions after the Oak 
Ridge incident asking for my advice," O'Farrell says. "They obviously 
have not been affected by the breach, but with so many breaches coming 
to light, they have concerns about their own security and the security 
of their members." And the concern is real, O'Farrell says. "We have to 
acknowledge that no amount of technology is going to solve this 
problem," he says. "We really have to get back to the notion that 
consumers have to be vigilant before they click on a link. After you 
click, it's too late."

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Apr 25 2011 - 23:58:10 PDT

This archive was generated by hypermail 2.2.0 : Tue Apr 26 2011 - 00:04:18 PDT