The Pentagon divulged that its computer networks were penetrated by suspected Russian hackers using spear-phishing.
The hackers got into the unclassified email network used by the Joint Chiefs of Staff office, which has around 4,000 military and civilian employees. The Pentagon shut down the computer network once the attack was detected to stop additional data from leaking out.
The Incident Response team suggested that a state-sponsored hacking group, likely Russian, is responsible for the attack because of its level of sophistication. This recent email hack is very similar to the successful hack of the unclassified email systems at the White House and State Department last year.
The attack on the network began around July 25 and targeted the Joint Staff, which includes the chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, and other senior officers. It prompted the Pentagon to shut down the server for the Joint Staff’s roughly 4,200 unclassified email accounts.
The hackers came in through a spear-phishing attack, in which the attacker crafts an email designed to trick the recipient into opening an attachment with a malware payload. Even on an unclassified network, especially at the most senior levels of the Pentagon, emails can be extremely sensitive and offer details about planning, schedules or personnel.
“If you are able to get all that information from three or four individuals’ emails or communication, you have an entire picture of what’s been worked on the classified side,” said Andre McGregor, a former cyber special agent at the Federal Bureau of Investigation who is now director of security at Tanium, a cybersecurity firm.
On Friday, the Pentagon held one-hour courses for Joint Staff employees on the need to be watchful when it comes to email security. The training focused on how to spot phishing emails. “It was an opportunity to inculcate the Joint Staff with best cyber practices, to raise the level of cybersecurity awareness,” the defense official said. Hackers tend to be determined individuals who are willing to keep probing until someone becomes complacent, the official added. “Adversaries live by no rules and they have all the time in the world,” he said.
"Barn, Horse" anyone? Defenders have to be 100% successful; attackers only need to get through once. That is why creating a "human firewall" is so important, and even more important is sending frequent simulated phishing attacks to make sure no employees get complacent. Effective security awareness training helps tremendously with that. Get a quote and find out how affordable this is for your organization.