Risk
12/28/2011
12:39 PM
50%
50%

Aggressive Phishing Attack Targets Military Personnel

Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.

NASA's Next Mission: Deep Space
NASA's Next Mission: Deep Space
(click image for larger view and for slideshow)
The U.S. military received an unwanted present this Christmas holiday season in the form of an "aggressive" phishing attack that's been making the rounds of .mil email accounts, according to the Army.

There are several attacks making the rounds, the most notable coming in the form of an email with the subject line "Deposit Posted" that appears to be from USAA, a financial services company that services members of the military as well as their families and veterans, according to an article on the U.S. Army's website.

The email asks people to open a file infected by Zeus malware that can access people's personal information and even require a complete reinstall of a computer's operating system.

[ The feds are dealing with a lot of technology challenges. Read 5 Lessons From Federal IT Project Reviews. ]

Other attacks have targeted U.S. military installations and defense facilities with emails that appear to come from senior officers or military authority figures. Those emails also request that the recipient download and install software that's depicted as a "critical security measure that must be immediately deployed," according to the Army. But rather than providing security, the software instead is either a Trojan Horse that can destroy systems and networks or data-mining software that can provide hackers with unauthorized access to information behind the firewall.

Phishing is usually an unsolicited email that appears to be coming from a legitimate institution--such as a bank or other financial company--that asks a recipient to give up personal information or download software. The military is asking its members to be cautious when opening any unsolicited email requests to download software or access secure information.

Phishing has consistently been one of the biggest security threats to the U.S. government for a number of years, although the number of actual incidents have been slacking off while other types of attacks have been on the rise, according to the United States Computer Emergency Readiness Team (US-CERT), which keeps track of U.S. cybersecurity incidents.

Still, the feds should remain wary of these types of attacks, which can wreak havoc if people fall for them. The Department of Energy's Oak Ridge National Laboratory shut down email and Internet access for more than a week in April after a sophisticated phishing attack that was sent to about 570 email accounts.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Henry Hertz Hobbit
50%
50%
Henry Hertz Hobbit,
User Rank: Apprentice
12/31/2011 | 9:54:38 AM
re: Aggressive Phishing Attack Targets Military Personnel
If they are using POP / IMAP email isntead of web mail, why don't they shift to using Thunderbird? The phish stand out like a sore thumb.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report