Spearphishing? Deciding Isn’t Easy

Part of the fallout from the Office of Personnel Management (OPM) data breach is the need to provide identify protection services to the millions of compromised government employees. In its efforts to provide these services to compromised federal workers, the OPM contracted with a private company.  That contractor, CSID, sent an email with a link to enroll in identity protection services. ArmyTimes reports that acting upon warnings from the Army Threat Integration Center, Fort Meade's Cyber Security Network Defense Team identified a message from CSID as a spearphishing attempt. The Fort Meade Cyber Security Network Defense Team warned Army personnel to "close the message immediately and [...]

2018-04-05T13:14:43-04:00July 29th, 2015|Cybersecurity - General, Phishing, spear phishing|

Fake State Department Email Attacks Reporter

Yesterday, Aaron Boyd, a reporter at the Federal Times, wrote that someone tried to plant malware on his system through the use of a fake State Department email. Mr. Boyd reports: Among the many emails waiting in my inbox this morning was one that seemed to come through a State Department .gov domain address. It purported to be a fax from a State Department machine, containing a PDF file...Getting an unsolicited email or document isn't that unusual in the day-to-day of a reporter. However, the link to download the document went to a .org site (not the actual State Department site) [...]

2018-04-05T12:17:34-04:00July 22nd, 2015|Cybersecurity - General, SP Guard, spear phishing|

OPM- OMG! Update 2

OPM Director Katherine Archuleta resigned last week in the wake of the loss of millions of personnel records. Here’s the latest tally of lost records according to the Washington Post: Of those whose data was in the OPM background-check system, 19.7 million had applied for a security clearance. An additional 1.8 million were spouses, family members and other non-applicants, officials said. Also exposed were 1.1 million sets of fingerprints, detailed financial and health records, and computer usernames and passwords that applicants used to fill out their security-clearance forms online. Meeting with reporters last Thursday, FBI Director Comey said, It is [...]

2017-01-07T17:35:10-05:00July 13th, 2015|Cybersecurity - General, SP Guard, spear phishing|

OPM – OMG! Update

OPM director Katherine Archuleta told the Senate  and the House Oversight and Government Reform Committee that stolen passwords for a federal contractor were used by hackers in the two cyberattacks targeting federal employee data. Idan Tendler, head of Fortscale and a former agent of the 8200, Israel's cyberwarfare specialist group, told TechTarget: It's really no surprise that the OPM breach was traced back to a compromised credential as this is the case in nearly 80% of the breaches we have seen, including Target and Anthem. Compromised users continue to create great challenges for security teams. With legitimate access, it is difficult to [...]

2017-01-07T17:35:10-05:00July 1st, 2015|Cybersecurity - General, spear phishing|