The director of the National Counterintelligence & Security Center has launched a spear-phishing awareness campaign we can all benefit from. –PC Pitstop
US Intel Warns of Spear Phishing
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
WASHINGTON–In a presentation at the Intelligence & National Security Summit, the director of the National Counterintelligence and Security Center (NCSC) announced a “new counterintelligence campaign” focused on reducing the potential security damage done by the Office of Personnel Management data breaches.
The campaign is called "Know the Risk, Raise Your Shield," and its opening salvo is a pair of spear-phishing awareness videos urging people not to click on those links.
“There have been just over 500 breaches so far this year, some of which made the news,” said NCSC Director Bill Evanina. “And 47 percent of adult Americans have been the victim of a breach in the last three years. That data is an opportunity for criminals, but it’s also allowed foreign intelligence to collect information about government employees, contractors, and their families.”
The Office of Personnel Management breach alone, he said, had exposed, at last measure, the data of over 22 million people, including some who had merely applied for government employment or contract work in the last 10 years. “That puts them in a vulnerability bracket they’ve never been in before,” Evanina said.
As part of a response to the breach, in addition to the credit protection and other measures being offered to victims by the OPM, the NCSC is trying to prevent even further breaches that use information gleaned from OPM background investigation records and other data.
“We need to be upfront about what we can do to help the victims of this breach and future victims,” Evanina explained. Spear-phishing attacks are one of the most likely ways those victims would be targeted, both by criminals and by foreign adversaries seeking to get more intelligence data, as happened in the recent attack on the Joint Chiefs of Staff administrative e-mail network, which used faked e-mails from a bank used by many service members.
“91 percent of the breaches we’ve seen in the last few years have emanated from spearphishing,” Evanina noted. “Our adversaries do not need to use sophisticated attacks—it all starts with e-mails.”