Last week it was revealed the about 4 million former and current federal employees were impacted by a data breach at the Office of Personnel Management.
Yesterday morning at a press conference in Germany, the President said, “We have known for a long time that there are significant vulnerabilities, and that these vulnerabilities are going to accelerate as time goes by, both in systems within government and within the private sector.”
As if acting on cue, a few hours after the President’s prediction that things would get worse, things got worse. Brig. Gen. Malcolm B. Frost, U.S. Army, announced that the Army’s official website had been hacked:
“Today an element of the Army.mil service provider’s content was compromised.”
Although the details of the Army breach have yet to be released, historically, the Syrian Electronic Army has relied heavily on one tool to do its dirty work — spearphishing.
Spearphishing compromises systems by deceiving users into granted attackers access. Deception takes place in the mind of the person who is being attacked, not in computers. Users will decide which emails to trust. That decision can be guesswork or it can be guided by IT using SP Guard.