Risk
12/28/2011
12:39 PM
Connect Directly
RSS
E-Mail
50%
50%

Aggressive Phishing Attack Targets Military Personnel

Emails containing malware, which appear to come from senior officers or legit companies, have been sent to military personnel during the holiday season.

NASA's Next Mission: Deep Space
NASA's Next Mission: Deep Space
(click image for larger view and for slideshow)
The U.S. military received an unwanted present this Christmas holiday season in the form of an "aggressive" phishing attack that's been making the rounds of .mil email accounts, according to the Army.

There are several attacks making the rounds, the most notable coming in the form of an email with the subject line "Deposit Posted" that appears to be from USAA, a financial services company that services members of the military as well as their families and veterans, according to an article on the U.S. Army's website.

The email asks people to open a file infected by Zeus malware that can access people's personal information and even require a complete reinstall of a computer's operating system.

[ The feds are dealing with a lot of technology challenges. Read 5 Lessons From Federal IT Project Reviews. ]

Other attacks have targeted U.S. military installations and defense facilities with emails that appear to come from senior officers or military authority figures. Those emails also request that the recipient download and install software that's depicted as a "critical security measure that must be immediately deployed," according to the Army. But rather than providing security, the software instead is either a Trojan Horse that can destroy systems and networks or data-mining software that can provide hackers with unauthorized access to information behind the firewall.

Phishing is usually an unsolicited email that appears to be coming from a legitimate institution--such as a bank or other financial company--that asks a recipient to give up personal information or download software. The military is asking its members to be cautious when opening any unsolicited email requests to download software or access secure information.

Phishing has consistently been one of the biggest security threats to the U.S. government for a number of years, although the number of actual incidents have been slacking off while other types of attacks have been on the rise, according to the United States Computer Emergency Readiness Team (US-CERT), which keeps track of U.S. cybersecurity incidents.

Still, the feds should remain wary of these types of attacks, which can wreak havoc if people fall for them. The Department of Energy's Oak Ridge National Laboratory shut down email and Internet access for more than a week in April after a sophisticated phishing attack that was sent to about 570 email accounts.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Henry Hertz Hobbit
50%
50%
Henry Hertz Hobbit,
User Rank: Apprentice
12/31/2011 | 9:54:38 AM
re: Aggressive Phishing Attack Targets Military Personnel
If they are using POP / IMAP email isntead of web mail, why don't they shift to using Thunderbird? The phish stand out like a sore thumb.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.