• Directories
    • Seattle iBusiness Directory
    • Seattle24x7 VC and Angel Directory
    • Seattle24x7 Area Tourist Attractions (& Hotels)
    • Seattle’s Top SEO/AdWords Firms (Top 5)
  • Community
    • E-City
    • People
    • ShopTalk
    • What’s Brewing?
  • Calendar
    • Calendar
  • Venues
    • The Seattle24x7 Conference & Meeting Venues Directory
  • Commentary
    • Advisor X
    • Pioneer Squared
    • Previews & Reviews
    • SiteCynic
    • Tech Humor
  • Jobs Board
  • Contact
    • Seattle24x7 Job Posting Form
    • Seattle 24×7 Company Inclusion Form
    • Calendar/Event Submission
Search
Friday, March 5, 2021
  • About Us
Seattle 24×7
  • Directories
    • Seattle iBusiness Directory
    • Seattle24x7 VC and Angel Directory
    • Seattle24x7 Area Tourist Attractions (& Hotels)
    • Seattle’s Top SEO/AdWords Firms (Top 5)
  • Community
    • WTIA Promotes Diversity, Equity and Inclusion with New Board Leadership

      Live from Mars: Seattle’s First Mode Puts On A “3-D Rock and Roll” Show

      Volkswagen teams with Microsoft for Automated Driving

      Do R’s and D’s Have Different Brains? Spoiler Alert: Our Research Has Over 57 Citations.

      The Digital Strategist in 2021: “V” is for Voice, Video, and Velocity

      AllE-CityPeopleShopTalkWhat’s Brewing?
  • Calendar
    • Calendar
  • Venues
    • The Seattle24x7 Conference & Meeting Venues Directory
  • Commentary
    • Zillow Launches Next-Generation 3D Tours

      XR Startup Accelerator Links Cascadia Region

      What exactly is Blockchain?

      Conquering COVID-19: There’s an App for That!

      A Retail Ecommerce Vaccine: Support-Local Converts Bricks to Clicks

      AllAdvisor XPioneer SquaredPreviews & ReviewsSiteCynicTech Humor
  • Jobs Board
  • Contact
    • Seattle24x7 Job Posting Form
    • Seattle 24×7 Company Inclusion Form
    • Calendar/Event Submission
Home Advisor X Don’t Get Schooled By Spear Phishing — The Oncoming Assault
  • Commentary
  • Advisor X

Don’t Get Schooled By Spear Phishing — The Oncoming Assault

Twitter
Pinterest
WhatsApp
Email
Print

    By Rod Rasmussen, IID President and Chief Technology Officer

    The numbers are truly staggering. More than 100 million people’s names, home addresses, email addresses, dates of birth, phone numbers and more were stolen at Sony, while tens of millions of additional email addresses were stolen during a data breach at marketer Epsilon. And what is even scarier, these breaches occurred over just the last few months!

    While Sony is a household name, Epsilon might not be. Yet the brands represented by this email marketer, like Best Buy, Citibank and the Walt Disney Company, are probably very familiar, and most likely someone you’ve done business with.

    What is worrisome about all of this personal information floating around out there is the fact that it gives cyber criminals all they need to launch highly targeted spear phishing campaigns — attacks that are often successful because they are so targeted.

    What is spear phishing?

    Simply put, spear phishing scammers come after specific individuals directly armed with insight into their spending habits and other personal information that only those close to an individual or a company they do business with would know. The lure is an unwanted communication that looks and “feels” very real, and may just disappear into a spam filter. But at worst, spear phishing contains malicious software or malware, or has enough validity to fool people into exposing private information like account and credit card data, social security numbers and more.  And because the spear phishers add those personal details, even people who are familiar with run-of-the-mill spam or even generic phishing attacks often fall for the ruse.

    In Sony, Epsilon, and many others’ breach cases, hackers now have just the details on potential victims they need. The fact that attackers will now know which vendors people do business with, and thereby expect to receive email from, is a big deal. Instead of sending out generic emails that hope to trick a handful of customers, the scammers now have an exact list of people who are already customers and are likely to open and interact with emails.  The phishing has now become a targeted spear.

    More than a personal threat

    These anticipated spear phishing campaigns pose a huge threat to organizations worldwide, resulting in everything from corporate espionage to a hijacked website. That’s because if an employee is lured to a malicious site, they run the risk of getting malicious software loaded onto their computer. This malware can take over a computer and literally access every piece of information on it or network it connects to, without a user even knowing. The possibilities are endless — everything from emails to partners, business plans, large bank transactions and more can be captured — resulting in corporate espionage, millions of dollars in redirected funds and even the hijacking of an entire Web presence.

    For example, in April of this year, the Oak Ridge National Laboratory in Tennessee suffered a spear phishing attack that led to malware being downloaded. After the federal facility was hacked, it was forced to disconnect Internet access for its entire staff as administrators discovered data being siphoned from a server.

    Now let’s consider the risk.  The lab, which conducts classified and unclassified energy and national security work for the federal government, is funded by the U.S. Department of Energy. Its science and technology research includes work on nuclear nonproliferation and isotope production. The lab, ironically, also does cyber security research focusing on, among other things, researching malware and vulnerabilities in software and hardware as well as phishing attacks. All told, the data being housed there is highly classified and, in the wrong hands, could lead to considerable trouble.

    Experts believe other highly publicized successful hacking attacks this year, including those against security giant RSA and the massive defense contractor Lockheed Martin, have been pulled off, in part, via spear phishing attacks. So this isn’t a theoretical exercise, it’s happening today and with devastating results.

    Time for a new approach

    Traditionally, enterprises have protected themselves against outside threats with a border approach, like firewalls, to protect the inside from attackers “out there” ever reaching an employee. However, firewalls have little if any effectiveness against spear phishing since those attacks APPEAR to be coming from a trusted source. Inevitably, an employee will fall for such a scam and access a malicious Internet location, putting an enterprise’s vital information and its Web presence at risk.

    What is needed is a new approach concentrating from the outside in — one that resolves employee traffic requests and transmissions, including access to various websites, receiving email and more. By using a service monitoring what’s happening outside an organization’s walls and how your organization interacts, you are quite literally doubling your security.

    The phishing stops here

    Chances are, given the extent of recent data breaches, you or someone you know has personal information in the hands of cyber schemers. And taken a step further, those cyber schemers will hook someone at your organization into clicking on a bad link with a spear fishing assault. But since we know these attacks are coming, shouldn’t your enterprise be prepared? Never more than now is the old saying appropriate: “Fool me once, shame on you, fool me twice, shame on me.” Don’t get schooled by spear phishing.

    Rod Rasmussen is President and chief technology officer at IID.

    IID (Internet Identity) has been providing technology and services that secure the Internet presence for an organization and its extended enterprise since the company was founded in 1996. It recently started delivering the industry’s first and only solution for detecting, diagnosing and mitigating domain name system (DNS) and border gateway protocol (BGP) security and configuration issues for an organization and its extended enterprise. IID also provides anti-phishing, malicious software (malware) and brand security solutions for many of today’s leading financial services firms, and e-commerce, social networking and ISP companies, and more. The company is working hard to deliver solutions that help keep the Internet safe and trusted for businesses. IID is headquartered in Tacoma, Washington. More information can be found at www.internetidentity.com.

    • TAGS
    • additional email addresses
    • business
    • chief technology officer
    • cyber criminals
    • information
    • risk
    • security
    • social security numbers
    • Spear
    • walt disney company
    Twitter
    Pinterest
    WhatsApp
    Email
    Print
      Previous articleSeattle Welcomes SMX Advanced and WTIA GoGlobal Events
      Next articleSocial Media Manager, Übermind

      RELATED ARTICLESMORE FROM AUTHOR

      Advisor X

      Lose Your Laptop? Here’s What to Do!

      Advisor X

      Amazon IPI Changes & Storage Limits: Know the Score

      Advisor X

      How Localization without Personalization Misses the Mark

      Latest Press Releases

      Spotlight Jobs

      • Head of Content Marketing, Amazon Web Services

      • Content Strategist, Facebook

      • Digital Advertising Account Executive, Seattle24x7

      Welcome to Seattle24x7, the first-ever Puget Sound online business community and the one-and-only, dot-com combination of Company Directory, Community and Commentary.
      Contact us: info@seattle24x7.com

      Community

      WTIA Promotes Diversity, Equity and Inclusion with New Board Leadership

      Live from Mars: Seattle’s First Mode Puts On A “3-D...

      Volkswagen teams with Microsoft for Automated Driving

      Commentary

      Zillow Launches Next-Generation 3D Tours

      XR Startup Accelerator Links Cascadia Region

      What exactly is Blockchain?

      • Privacy
      • Site Map
      © Seattle 24×7 1999-2018. All rights reserved.
      Edit with Live CSS
      Save
      Write CSS OR LESS and hit save. CTRL + SPACE for auto-complete.