The cyber-mafia will surely target 4 million Federal employees victimized by the recent hack.–PC Pitstop
Federal Hack Phishing Bonanza
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
It is all over the news, The 4-million Federal Employee OPM database was hacked and lots of employee information leaked to probably the Chinese. This weekend on CNN they said that the coming few days all Fed employees will receive an email something like: “You’ve been hacked, here’s what you need to do to protect yourself.”
The press has a tendency to jump to the “who” but it is more interesting to focus on the how and why. The real issue here is how the attackers penetrated the OPM again, just after a major data breach a year ago. The focus on this recent breach should be how come they did not fix an apparently systemic problem, and it is my prediction that they were hacked with a spear-phishing attack with by zero-day malware as a payload, which could have been prevented with effective security awareness training.
Also in the news this week, it came out that in 2012 the NSA was granted the authority to conduct surveillance on US Internet traffic without a warrant to investigate foreign cyber attacks. The documents indicate that the NSA pursued attackers even if there was no proof that the attacks originated outside the US. So we have the “guvmint” hoovering up massive amounts of data, and not protecting that data very well. Recipe for disaster?