Security News > 2011 > April > Phishing: Consumer Education Lacking
http://www.bankinfosecurity.com/articles.php?art_id=3571 By Tracy Kitten Managing Editor Bank Info Security April 22, 2011 The Oak Ridge National Laboratory, located in Tennessee, recently disconnected Internet access after hackers attacked employees at the federal facility. On April 7, a spear phishing e-mail, feigning to be from human resources, was sent to 530 of the lab's 5,000 employees. The e-mail included a malicious link that exploited an Internet Explorer vulnerability, automatically downloading malware to PCs when opened. The lab referred to the hack as a "sophisticated" attack, similar to the advanced persistent threat that in March hit RSA. Fifty-seven employees reportedly fell victim. The lesson here: Spear phishing is quickly emerging as one of the cyberworld's greatest threats. On the heels of the highly publicized Epsilon e-mail breach, which is known to have affected more than 100 companies and brands, the Oak Ridge incident proves e-mail security risks far exceed what most industries are prepared to handle, says Neal O'Farrell, executive director of the Identity Theft Council, a grassroots support network for victims of identity theft. The council, established in late 2010, comprises a national network of partnerships between local law enforcement, financial institutions, businesses and volunteers. "I got calls from a number of credit unions after the Oak Ridge incident asking for my advice," O'Farrell says. "They obviously have not been affected by the breach, but with so many breaches coming to light, they have concerns about their own security and the security of their members." And the concern is real, O'Farrell says. "We have to acknowledge that no amount of technology is going to solve this problem," he says. "We really have to get back to the notion that consumers have to be vigilant before they click on a link. After you click, it's too late." [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/