SEA used spear-phishing in attack on NY Times



apt phishing focus 447728 resized 600

A spear-phishing attack, one of the most common and oldest cyber tricks in the book, enabled hackers to hijack and modify the DNS records for several domains on Tuesday, including The New York Times, Twitter and the Huffington Post U.K. on Tuesday.

The intruders responsible for Tuesday's incidents actually compromised a reseller account that had access to the IT systems of Australian registrar, Melbourne IT. An employee for one of the resellers responded to a spear phishing attack, which allowed the hackers to steal their account login credentials. Time for some effective security awareness training methinks!

Bruce Tonkin, chief technology officer with Melbourne IT, told SCMagazine.com on Wednesday that he would not reveal the identity of the reseller or the details of the phishing email, but he admitted to being surprised by how authentic the email appeared and explained that he “could see how people could be caught by it,” even “people in the IT industry.”

Full article at SC Magazine.

 

Related Pages: Spear Phishing




Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews