Recently, Google unearthed a major spear phishing campaign. Cybercriminals reportedly collected passwords of hundreds of Gmail users. The affected accounts include those of Chinese political activists, senior government officials of United States (U.S), and Asian countries, South Korea in particular, military officials and journalists. According to Google, the purpose of the spear phishing attack seems to be monitoring the contents of the targeted users. The offenders allegedly used the extracted passwords to gain unauthorized access to the Gmail accounts, and altered the forwarding and delegation settings. While the e-mail service provider has said that the latest attack supposedly originated from Jinan, China, the company has not provided any evidence to collaborate the same. Information security professionals of the company were successful in disrupting the account hijacking campaign and have initiated steps to secure the accounts of the affected individuals. The company has also notified the affected users.
In case of a spear phishing attack, cybercriminals send specially crafted e-mails to target individuals or employees affiliated to an organization, with the intention of gaining access to privileged information. Spear phishing e-mails are often hard to detect as they appear to come from a legitimate source such as peers, subordinates, system administrators, supervisors or stakeholders.
Government, military, defense and intelligence personnel often face spear phishing attacks. Last year, several U.S government employees and contracted professionals were targets of a more sophisticated spear phishing attack. They apparently received a Christmas greeting card, which appeared to come from White House. On clicking the greeting link, the targeted individuals received a prompt to open a .zip file. Individuals, who opened the file, inadvertently downloaded a Zeus Trojan in their computer systems without their knowledge. Ironically, the cleverly crafted e-mail was even successful in tricking some cyber security professionals. Security professionals may benefit from distance learning and online university degree programs to update their skills sets to deal with evolving sophisticated threats.
Employees must be wary of responding to e-mails urging urgent action and seeking personal, official and financial information. In case of suspicion, they must verify the authenticity of the e-mail with the concerned institutions or authority. Individuals must forward spoofed e-mails to relevant legal authorities and report abuse. This will enable concerned authorities to initiate remedial action. Fake Unique Resource Locators (URLs) look strikingly similar to legitimate web addresses of a company, but may have proxy names and numbers as prefix or suffix or have incorrect spelling of the company. Individuals must enter log in credentials on a secure e-mail account page, which begins with https. Google has urged users to make use of the two-factor verification process to avoid unauthorized access to e-mail accounts. The e-mail service provider has also asked Internet users to regularly check forwarding and delegating accounts settings. The company has also urged users to take cognizance of the red warning related to suspicious activity, displayed above the inbox. E-learning, online degree and training programs on cyber security may help employees in understanding security threats and improve their abilities to detect social engineering attacks.
Computer systems of government, military and defense personnel may contain information pertaining to offenders, strategies, and other sensitive data concerning national security. Exposure of such information may have adverse implications. Professionals qualified in IT degree or computer science degree degree programs may help organizations in implementing best practices in IT security and securing IT infrastructure.
Contact Press
EC-Council
Website: http://www.eccuni.us
Email: [email protected]
Tel: 505-341-3228
EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.
