Source: Computer World
The successful use of phishing emails to breach secure organizations like Oak Ridge National Laboratory and RSA is a stark reminder of the serious threat posed by what some experts have dismissed as a low-tech method of attack.
Oak Ridge, a U.S. Department of Energy-run research lab, this week disclosed it had shut down all Internet access and email services after discovering a sophisticated data-stealing malware program on its networks.
According to the lab, the breach originated in a phishing email that was sent to about 570 employees. The emails were disguised to appear as notes about benefits changes written by the lab’s HR department. When a handful of employees clicked on the embedded link in the email, a malware program was downloaded onto their computers.
In terms of internal security, people are the weakest link – which makes phishing the emerging threat to any organization. Regular awareness training is one of the key controls to counter phishing.