On September 17, 2014, the Senate Armed Services Committee released a declassified version of its report Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors.


In the report the Committee detailed intrusions into key US defense transportation assets. This passage from page viii is representative of the Committee’s findings.

[Image: excerpt from page viii of the SASC report]

What is the sophisticated cyber method used by these APT actors?


Spearphishing. The classic cyber-intrusion method in which the attacker sends the intended victim a deceptive email. Taking the action called for in the deceptive email initiates a chain of events which compromises systems. After this chain of events is initiated, cyber defenders are left with the difficult task of finding cyberspies — cyberspies who are expert at hiding their activities.

It is worth noting in passing an unintended consequence of releasing the plain text declassified report. One of the challenges for APT attackers is drafting convincing spearphishing bait. Attack materials must not be suspicious — the bait must not raise warnings in the mind of the intended victim. This report provides an excellent writing sample for future attackers to mimic. Col. Greg Conti, head of cyber warfare research at West Point, observed in the New York Times:

What’s ‘wrong’ with these e-mails is very, very subtle. They’ll come in error-free, often using the appropriate jargon or acronyms for a given office or organization.

Taking human thought processes as a given, defenders need effective tools to address deceptive emails. That is where SP Guard steps in. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us using our online form.