DoD Battles Spear Phishing

This is a very interesting article: https://www.fcw.com/article97186-12-26-06-Web

My favorite part of the article (emphasis added is all mine):
"JTF-GNO illustrated the sophistication of spear phishing attacks DOD faces in a “DOD Spear Phishing Awareness Training” presentation obtained by Federal Computer Week. That presentation shows a faked message that appears to come from the operations division at the Pacific Command (Pacom) with a PowerPoint attachment concerning the Pacom “Valiant Shield” exercise held this summer.

But the seemingly legitimate address and PowerPoint slides were fake, and clicking on the attachment would launch malware that could infect the user’s computer, the JTF-GNO presentation warned. All DOD employees and contractors must complete spear phishing awareness training by Jan. 17, 2007, according to internal DOD messages.

JTF-GNO acknowledged its spear phishing challenges in its awareness presentation which states, “The attacker selectively chooses the recipient (target) and usually has a thorough understanding of the target’s command or organization.”

Spear phishing e-mail messages appear genuine, have legitimate operational and exercise names, and may address the recipient by name and use internal lingo and jargon, the JTF-GNO presentation states.

Last month, JTF-GNO mandated use of plain text e-mail. HTML messages pose a threat to DOD because the code can contain spyware, and in some cases, could contain executable code that could enable intruders to access DOD networks, a JTF-GNO spokesman said.

The department also beefed up its network security and e-mail security in November with a new generation of Common Access Cards, which include public-key infrastructure to access e-mail. DOD users are also supposed to digitally sign their e-mail messages.

But the JTF-GNO spear phishing awareness presentation makes it clear that technology alone will not defeat the threats spear phishing poses. JTF-GNO instructed DOD e-mail users to ensure that the source is legitimate and the message is digitally signed before they click on any link in a message or open an attachment.

E-mail messages from organizations or individuals outside DOD should be viewed with caution, the JTF-GNO presentation states, and DOD e-mail users should be suspicious of their formats and attachments.

DOD spokespeople have declined to identify the sources behind the spear phishing attacks or e-mail messages infected with malware. But in a presentation to the AFCEA LandWarNet conference this summer, Lee LeClair of the Army’s Network Enterprise Technology Command/9th Signal Command said U.S. military networks are faced with attacks by state-sponsored teams that control botnets and engage in spear phishing."

 

Hmm, some of those recommendations sound very familiar. :)  So how would YOUR organization fare against a spear phishing attack like the ones hitting the DoD?  Are your employees aware of the threats posed by seemingly legitimate emails with seemingly 'innocent' / 'safe' attachments?
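
The rules quoted above (plain text only, digitally signed, caution with outside senders and attachments) can be checked mechanically at a mail gateway. The following is an added example, not code from the article or the JTF-GNO presentation; the domain `example.mil`, the function name `triage` and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.mil"}  # assumption: placeholder for your own domains
# Clear-signed S/MIME only; opaque-signed application/pkcs7-mime is out of scope here.
SIGNED = {"multipart/signed"}
SIG_PARTS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def triage(raw):
    """Return policy findings for one raw RFC 5322 message (empty list = passes)."""
    msg = message_from_string(raw)
    findings = []
    # Signature *presence* only; validating it against the PKI is a separate step.
    if msg.get_content_type() not in SIGNED:
        findings.append("unsigned")
    # The From header is attacker-controlled, so this is a hint, not proof of origin.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        findings.append("external-sender")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in SIG_PARTS:
            continue  # the detached S/MIME signature is not a user attachment
        if ctype == "text/html" and "html-body" not in findings:
            findings.append("html-body")
        if part.get_filename():
            findings.append("attachment:" + part.get_filename())
    return findings

# Constructed sample: internal-looking sender, HTML body, slide-deck attachment.
SAMPLE_SPOOFED = """\
From: Operations <ops@example.mil>
To: user@example.mil
Subject: Exercise brief
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>See attached slides.</p>
--b1
Content-Type: application/vnd.ms-powerpoint
Content-Disposition: attachment; filename="exercise_brief.ppt"

(constructed placeholder, no real content)
--b1--
"""

if __name__ == "__main__":
    print(triage(SAMPLE_SPOOFED))
```

The sample passes the sender-domain check because its From header claims an internal address, which is why the missing signature is the finding that matters for a message like the one the article describes.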