It is being widely reported in the press that the US State Department has been compromised in a cyberattack.
US State Department
USA Today reports that although no classified information was compromised, the attack has forced the State Department to take down its unclassified email system. USA Today reports:
To learn that additional government agencies beyond the White House were attacked, “is not at all surprising,” said Rick Holland, a principal analyst and cybersecurity expert at Forrester Research. “What is surprising is that we are two weeks into it and it’s just now coming out. Likely, the attacker is using the same type of technique to break into these networks and maybe through an investigation (the State Department) just learned that it was worse.”
How could this happen? Holland discussed this in a Federal Times interview:
“This year in particular, it seems overwhelming,” he said. “It indicates how easy it is to break into these environments.”
Judging from the fact that State Department email was shut down to remediate the breach, Holland posited that the attack was likely in the form of spear-phishing, in which a specially tailored email is sent to someone within an organization to prompt them to click through.
This tactic is often seen in cyber espionage, he said, and can be incredibly effective.
“Even for us cybersecurity guys, if we get a well-crafted email we might click on it,” he admitted. “Security awareness and training has a component … But ultimately it comes down to agencies themselves to have situational awareness — the ability for quick detection and response.”
Regrettably, situational awareness is not the hallmark of email. The three Carronade studies at West Point showed that people did a poor job processing email. In “Why do people get phished?”, researchers led by Prof. Arun Vishwanath explored the detailed psychology of spearphishing and concluded that the way the human mind works makes people very susceptible to spearphishing attacks.
The attackers are targeting users to infiltrate systems. Users need tools that assist them in identifying cleverly constructed spearphishing emails. That is the function of SP Guard.