Spear Phishing Attacks On Governments And Private Organizations Becoming More Prevalent

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Lately, it’s been published that the Chinese military has been launching massive spear-phishing attacks against U.S. government agencies and companies, which have reportedly stolen terabytes of data, including government login IDs, passwords, as well as blueprints for sensitive military systems, have made it seem that.
The volume of attacks is such that "we have given up on the idea we can keep our networks pristine," said Stewart Baker, a former senior cyber-security official at the U.S. Department of Homeland Security and National Security Agency. Evidence showed that Chinese hackers have been launching large numbers of attacks against U.S. government agencies and businesses. The most notable of those attacks was arguably Operation Aurora, which targeted Google and some 33 other companies.
Google was compromised via targeted phishing attacks. Phishing, or also known as spear phishing, is a cyber threat using fake but personalized emails to trick people into visiting malicious websites or executing email attachments, which then attempt to exploit known vulnerabilities on the user's computer, giving attackers ...
... full control over it, and its contents. Security experts say that the majority of attacks emanating from China still employ spear-phishing. Incidents such as the recent hacks of Epsilon shows that phishing remain quite effective and difficult to block.
Hundreds of consumers in America that may be victims of phishing attempts, according to The Better Business Bureau (BBB), is probably due to the massive data breach of thousands of names and email addresses from Dallas-based Epsilon. The company, a third-party marketing service used by high-profile businesses to distribute emails to customers, confirmed the data breach April 1 and explained that the information stolen was limited to names and email addresses.
Hotels, banking institutions and retail giants including Best Buy, Citi, Chase, U.S. Bank, Capitol One, Walgreens, Kroger, Marriott International, Ritz-Carlton Rewards, Brookstone, New York & Co., TiVo, HSN and L.L. Bean are among the confirmed companies whose customer data has been stolen. Given that the hackers now have access to customer email addresses, there is an extremely high risk for phishing attacks, where hackers may pose as official companies in an attempt to fraudulently obtain consumers’ personal or financial information. Consumers are warned to use extreme caution and suggest the following tips to avoid becoming a victim of a phishing attack:
The Canadian government was also hit by spear phishing attack. The attackers, believed to be Chinese hackers, started by gaining access to the computers of several top senior government officials. Once accomplished, they sent emails to department IT staff pretending to be those officials. It seemed surprisingly easy for the hackers to dupe IT professionals and gain access to such sensitive information. It’s not known exactly what information was stolen, only that it was highly classified and from the Finance Department and Treasury Board. Both agencies were knocked completely offline by the attack. Although the country has been implicated in several other cyber-espionage attacks aimed at the U.S, the Chinese government has vehemently denied any involvement.
As phishing and other scams become more prevalent, UK government officials and businesses are working together in a concerted effort to stem the tide of scam emails. This comes as the BBC reports mass markets scams like phishing makes up one quarter of all scams but are responsible for 90% of all scam losses. That makes phishing a very real problem for businesses and consumers. The UK government has started requesting people forward emails they suspect are scams to the national fraud authority. According to the Anti Phishing Working Groups Global Phishing Survey, in the second half of 2009, there were 14,387 unique phishing attacks in the UK alone. Each one of these attacks has the potential to reach millions of people.
To help minimize their impact, it is advisable for companies to educate their customers about procedures and let them know genuine companies will never ask for personal details over email. The number of cyber attacks is only going to increase if organizations fail to pay attention on the vulnerabilities of their network security. Organizations need to implement robust information security initiatives, including having a proficiently skilled IT security workforce, in order to avoid cyber attacks and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of technically proficient information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics, Advanced Application Security, Advanced Network Defense, and Cryptography, among others. These highly sought after and lab intensive information security training courses will be offered at all EC-Council hosted conferences and events, and through specially selected authorized training centers.

About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 70 countries around the globe. EC-Council has trained over 80,000 individuals in technical security training and certified more than 38,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.