Cyber-attackers target government and defense computer systems to gain access to classified information, which could compromise national security and also put critical infrastructure under risk. Threat to government and defense computer systems may arrive from rival intelligence agencies, activists, self-proclaimed Internet vigilante groups and cyber-attack groups. Cyber-attackers always strive to improvise their modus operandi to achieve their ends. Recently, various websites of Gannett Government Media Corporation suffered cyber-attacks resulting in disruption of access to users. The affected websites include military times, federal times, Gannett Government Media Corporation, and defense times. The company publishes military news such as those related to Army, Air Force, Navy, Marine Corps and National Guard and Reserve. Computer forensics professionals are reportedly investigating the security incident. Preliminary investigations suggest cyber-attackers were reportedly successful in gaining unauthorized access to documents containing first and last name, login credentials, e-mail address and internal numbers provided by Gannett. According to the company, some records may also contain information related to duty status, pay grade, service branch, and ZIP code. However, Gannett claims that financial remains of the users of the websites remain unaffected by the security breach.
The publication is likely to have military personnel as members. Cyber-attackers having access to extracted information may initiate sophisticated cyber-attacks to collect more privileged information form military and defense personnel. In the recent times, cyber-attackers have used spear phishing attacks involving misuse the collected information to masquerade as supervisors, subordinates or peers to defraud targeted individuals into sharing disclosed information. Late last year, several government officials including cyber security specialists received Christmas greeting card, which seemingly appeared to come from White House domain. The card was a malware aimed at stealing confidential data. More recently, Google reported attempts to compromise e-mail accounts of U.S government officials by misusing the forwarding feature in Gmail. The purpose again was to access sensitive information that attackers may use to launch more sophisticated attacks. Google alleged that a nation state was behind the attack. Sophisticated attacks make it inevitable for cyber security professionals to constantly upgrade their skills by undertaking security certifications and online university degree programs.
Affected members must immediately change their passwords on the affected websites and other online sites, wherein the same login credentials are used. Use of strong and unique passwords is the basic but often ignored aspect of cyber security. Attackers having access to login credentials of one user account, may attempt to gain access to other online accounts of the affected user through brute force attacks.
Security awareness training programs, e-flyers and e-tutorials may help Internet users in keeping themselves updated of security threats and precautionary measures. Employees may take advantage of the online degree programs to improve cyber security awareness and gain insights on information security practices.
Cyber-attackers may exploit SQL injection vulnerabilities to gain access to associated databases of websites and steal, alter or damage sensitive information stored on them. Attackers may also exploit cross-site scripting and other websites. As such, regular scrutiny of websites is crucial to detect and mitigate vulnerabilities before their exploitation by attackers. Professionals qualified in masters of security science, secured programming, and penetration testing may enable organizations in making proper threat assessment and initiating corrective action.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
