Cyber-attackers Target Ornl

By Author: eccuni
Total Articles: 211
Comment this article

Recently, Oak Ridge National Laboratory (ORNL) detected cyber-attack forcing the organization to shut down website and suspend Internet access. The attack was reportedly aimed at stealing privileged information and acquiring remote access to vulnerable computer systems. Information security professionals of ORNL are investigating the incident and details of any data theft have not yet been disclosed. The precautionary measure to shut down the website was taken after security professionals noticed unusual Internet traffic. ORNL is the largest science and energy laboratory maintained by the U.S Department of Energy. The facility is home to Jaguar, the most powerful computer system. Jaguar has remained unaffected by the attacks. The facility conducts research on high-performance computing, neutron science, materials science, energy, biological systems and national security among others.

The attack followed a spear-phishing attack, which targeted the employees of ORNL. Cleverly crafted e-mails were sent to several employees, which appeared to arrive from the human resource department of the organization regarding some employee ...
... benefits. The e-mail lured employees to click on a link for getting more information on the benefits. Some employees, who clicked on the link, inadvertently downloaded information stealing malware on their computer systems. The malware is alleged to have exploited a flaw in Internet explorer. The affected computers have been quarantined to contain the spread of malware.

The organization has also suspended external e-mail service, which is likely to be restored soon. However, ORNL intends to disallow e-mail attachments as a precautionary measure. Security professionals of the organization have referred to the attacks as an Advanced Persistent Threat (APT). Last month, RSA had reported a similar APT attack, which resulted in the theft of information related to SecurID two-factor authentication.

Cyber-attacks on research institutions may result in disclosure of sensitive technical information, which may adversely affect strategic and national interests of a country. Cyber-attacks have grown in sophistication and frequency. The attacks may be launched by cybercriminals, rival intelligence agencies, activists and attackers loyal to rival countries. IT professionals need to update their technical skills and know-how through webinars, training sessions, security conferences and online IT degree programs to deal with the proactive cyber threats.

Organizations must regularly evaluate the security of their IT infrastructure by availing the services of professionals qualified in IT degree programs, secured programming and penetration testing. IT policy of the company must be regularly updated in accordance with the latest threats. IT professionals must implement the IT policy and ensure compliance by all employees of the organization.

Attackers are increasingly making use of social engineering techniques to extract confidential information from employees. E-learning programs, online IT courses and huddle sessions may help in creating awareness on latest security threats, techniques used by attackers and safe computing practices among employees. Access to computer systems containing privileged information must be restricted to only few authorized employees. These systems could be kept offline or on a separate network to prevent intrusion and unauthorized access. As evidence plays a crucial role in bringing offenders to justice, employees must be trained on the incident response procedures to be followed on the occurrence of a security incident. Employees must adhere to the security guidelines to safeguard computer systems and networks from security threats.