Risk
12/28/2011
12:39 PM
50%
50%

Aggressive Phishing Attack Targets Military Personnel

Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.

NASA's Next Mission: Deep Space
NASA's Next Mission: Deep Space
(click image for larger view and for slideshow)
The U.S. military received an unwanted present this Christmas holiday season in the form of an "aggressive" phishing attack that's been making the rounds of .mil email accounts, according to the Army.

There are several attacks making the rounds, the most notable coming in the form of an email with the subject line "Deposit Posted" that appears to be from USAA, a financial services company that services members of the military as well as their families and veterans, according to an article on the U.S. Army's website.

The email asks people to open a file infected by Zeus malware that can access people's personal information and even require a complete reinstall of a computer's operating system.

[ The feds are dealing with a lot of technology challenges. Read 5 Lessons From Federal IT Project Reviews. ]

Other attacks have targeted U.S. military installations and defense facilities with emails that appear to come from senior officers or military authority figures. Those emails also request that the recipient download and install software that's depicted as a "critical security measure that must be immediately deployed," according to the Army. But rather than providing security, the software instead is either a Trojan Horse that can destroy systems and networks or data-mining software that can provide hackers with unauthorized access to information behind the firewall.

Phishing is usually an unsolicited email that appears to be coming from a legitimate institution--such as a bank or other financial company--that asks a recipient to give up personal information or download software. The military is asking its members to be cautious when opening any unsolicited email requests to download software or access secure information.

Phishing has consistently been one of the biggest security threats to the U.S. government for a number of years, although the number of actual incidents have been slacking off while other types of attacks have been on the rise, according to the United States Computer Emergency Readiness Team (US-CERT), which keeps track of U.S. cybersecurity incidents.

Still, the feds should remain wary of these types of attacks, which can wreak havoc if people fall for them. The Department of Energy's Oak Ridge National Laboratory shut down email and Internet access for more than a week in April after a sophisticated phishing attack that was sent to about 570 email accounts.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Henry Hertz Hobbit
50%
50%
Henry Hertz Hobbit,
User Rank: Apprentice
12/31/2011 | 9:54:38 AM
re: Aggressive Phishing Attack Targets Military Personnel
If they are using POP / IMAP email isntead of web mail, why don't they shift to using Thunderbird? The phish stand out like a sore thumb.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.