[ISN] To defeat phishing, Energy learns to phish

From: InfoSec News <alerts_at_private>
Date: Tue, 14 Jun 2011 00:11:53 -0700 (MST)
http://gcn.com/articles/2011/06/13/doe-phishing-test.aspx

By William Jackson
GCN.com
June 08, 2011

The Energy Department’s Oak Ridge National Laboratory received more than 
500 e-mails in April that appeared to be from the lab’s benefits 
department and contained a link for more information. The link which 
actually downloaded malicious code when users clicked on it.

Several recipients clicked on it, said Barbara Penland, the lab’s deputy 
director of communications. “One computer was set up in a way that gave 
access to our network.”

As a result of the ensuing malware infection that collected technical 
information to export from the lab, Oak Ridge shut down its Internet 
access for more than a week, interrupting research on clean energy and 
other topics.

The employees should have known better. The Energy Department conducts two 
to four phishing exercises a year at its field sites, testing awareness 
and educating users. But the constantly evolving, increasingly 
sophisticated attacks make them difficult to adequately defend against.

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Tue Jun 14 2011 - 00:11:53 PDT

This archive was generated by hypermail 2.2.0 : Tue Jun 14 2011 - 00:28:23 PDT