On October 11, 2012, Leon Panetta, the US Secretary of Defense, spoke about the cyberthreats against the United States. He called cyberthreats a potential cyber Pearl Harbor.

You can read a transcript of his remarks here.

The Secretary spoke about the recent denial of service attack on financial institutions. He disclosed a previous classified attack on US oil interests:

But even more alarming is an attack that happened two months ago when a very sophisticated virus called Shamoon infected computers in the Saudi Arabian State Oil Company Aramco.  Shamoon included a routine called a ‘wiper’, coded to self-execute.  This routine replaced crucial systems files with an image of a burning U.S. flag.  But it also put additional garbage data that overwrote all the real data on the machine.  More than 30,000 computers that it infected were rendered useless and had to be replaced.  It virtually destroyed 30,000 computers.

What is the most common digital backdoor that is wide open to our cyber adversaries?  As the Administration recently demonstrated for the U.S. Senate, that backdoor is spearphishing. Spearphishing is a cyberattack in which the adversary sends a highly targeted email to the intended victim in order to deceive the victim into an action (e.g., visit a website, click a link, open an attachment) that compromises the security of the systems. Note that in spearphishing, the point of attack is not the security technology, but the people.  Why are the people targeted instead of the systems? Because targeting people is the easiest and most effective way to enter a secure network. How effective is spearphishing?  Spearphishing has been demonstrated to have an effectiveness rate of up to 75%.

How can a spearphishing attack be prevented?  What is needed is a method to deprive the attacker of his ability to deceive. Spearphishers deceive by masquerading as trusted senders. At Iconix we identify trusted senders. Our identification system fights attackers masquerading as trusted senders. SP Guard from Iconix provides the ability to distinguish real email from spearphishing attacks. Click here to learn more. You can contact us at 408-727-6342, ext 3 or use our online form.