Risk
12/28/2011
12:39 PM
Connect Directly
RSS
E-Mail
50%
50%

Aggressive Phishing Attack Targets Military Personnel

Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.

NASA's Next Mission: Deep Space
NASA's Next Mission: Deep Space
(click image for larger view and for slideshow)
The U.S. military received an unwanted present this Christmas holiday season in the form of an "aggressive" phishing attack that's been making the rounds of .mil email accounts, according to the Army.

There are several attacks making the rounds, the most notable coming in the form of an email with the subject line "Deposit Posted" that appears to be from USAA, a financial services company that services members of the military as well as their families and veterans, according to an article on the U.S. Army's website.

The email asks people to open a file infected by Zeus malware that can access people's personal information and even require a complete reinstall of a computer's operating system.

[ The feds are dealing with a lot of technology challenges. Read 5 Lessons From Federal IT Project Reviews. ]

Other attacks have targeted U.S. military installations and defense facilities with emails that appear to come from senior officers or military authority figures. Those emails also request that the recipient download and install software that's depicted as a "critical security measure that must be immediately deployed," according to the Army. But rather than providing security, the software instead is either a Trojan Horse that can destroy systems and networks or data-mining software that can provide hackers with unauthorized access to information behind the firewall.

Phishing is usually an unsolicited email that appears to be coming from a legitimate institution--such as a bank or other financial company--that asks a recipient to give up personal information or download software. The military is asking its members to be cautious when opening any unsolicited email requests to download software or access secure information.

Phishing has consistently been one of the biggest security threats to the U.S. government for a number of years, although the number of actual incidents have been slacking off while other types of attacks have been on the rise, according to the United States Computer Emergency Readiness Team (US-CERT), which keeps track of U.S. cybersecurity incidents.

Still, the feds should remain wary of these types of attacks, which can wreak havoc if people fall for them. The Department of Energy's Oak Ridge National Laboratory shut down email and Internet access for more than a week in April after a sophisticated phishing attack that was sent to about 570 email accounts.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Henry Hertz Hobbit
50%
50%
Henry Hertz Hobbit,
User Rank: Apprentice
12/31/2011 | 9:54:38 AM
re: Aggressive Phishing Attack Targets Military Personnel
If they are using POP / IMAP email isntead of web mail, why don't they shift to using Thunderbird? The phish stand out like a sore thumb.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1503
Published: 2014-08-29
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.

CVE-2013-5467
Published: 2014-08-29
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM)...

CVE-2014-0600
Published: 2014-08-29
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.

CVE-2014-0888
Published: 2014-08-29
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.

CVE-2014-0897
Published: 2014-08-29
The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection me...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.