Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Workers At U.S. Nuclear Regulator Fooled By Phishing

    Atomic ExplosionAntone Gonsalves at CSO reported something that worries me, and this SHOULD NOT BE at this day and age.

    "Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three foreign-based phishing attacks that occurred over a three-year period. The incidents were described in an inspector general report obtained by the publication Nextgov through an open-records request.

    The NRC's job is to ensure that the nation's nuclear power industry is following federal safety regulations. Because the NRC collects large amounts of information from nuclear facilities, the attackers were likely after that data to learn more about plant operations, Andrew Gintner, vice president of industrial security at Waterfall Security Solutions, said.

    In one incident, the attackers sent email to 215 NRC employees, asking them to verify their accounts by clicking on a link and logging in with their user name and password.

    A dozen employees clicked on the link, which actually connected to a spreadsheet on Google Docs. After the incident was reported, the NRC cleaned the workers' systems and changed their credentials, a commission spokesman told Nextgov.

    In another incident, attackers tricked an employee into clicking on an email link that downloaded malware from Skydrive, Microsoft's file hosting service that is now called OneDrive. The employee was one of a number of workers who received email in the spearphishing attack, the report said.

    Both of the attacks originated from foreign countries that were not identified. In the third incident, the attacker hacked an employee's email account and used the contact list to send email carrying a malicious attachment to 16 other employees, according to Nextgov. One employee opened the attachment, which infected the NRC computer. Whether the
    attack was from a foreign country was not known. 

    The inspector general report listed 17 compromises or attempted compromises that occurred from 2010 to November 2013, Nextgov said. During the 2013 fiscal year, U.S. government agencies reported 46,160 "cyber-incidents" in which computers were compromised, according to a report by the Government Accountability Office. The number represented a 33 percent increase from fiscal 2012.

    Security Awareness Training anyone? PLEASE?

     Get A Quote Now

    There is more to this story, so continue to read here: http://www.csoonline.com/article/2466725/physical-security/workers-at-u-s-nuclear-regulator-fooled-by-phishers.html

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Security Awareness Training, Cybercrime, Hacking

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews