Second Pentagon Hack Via Phishing Underscores Need for UBA

The Pentagon continues to be the target of choice for international hackers after Russians attempted a large-scale and very sophisticated spear phishing attack on an unclassified email system used by the Pentagon’s Joint Staff. The attack affected some 4,000 military accounts. No word yet on the scope or kind of data taken, though because this was an unclassified email server, the data wouldn’t be sensitive but could still be leveraged in future attacks.

This is on the heels of a huge hack against the US Office of Personnel Management back in July of this year, one that compromised over 20 million federal employees’ personal information. Once they’ve successfully compromised an account, hackers continue to expand and compromise more systems and gain access to more secure targets.

Anonymous sources identified the hackers as Russian, but no word on whether they were state-sponsored or not. This isn’t the first time that the Pentagon’s been attacked like this, but it marks an uptick in the sophistication of the attacks as this one relied on personal information gleaned in part from social media scraping.

Why go after social media? For better intel. The days when most people could be snared with an ill-typed phishing request are long gone. For a phishing request to be successful, it has to pass more than a casual inspection. Tailored attacks, designed to capture a password or install a program that opens access, work because many people assume a phishing attack is easy to detect.

This attack highlights the threat posed to systems across every business vertical and government body that still rely on just a successful password entry. If you don’t know how the user behaves, how can you tell when someone other than the user is trying to log in? Whether hackers use phishing attacks to gain usernames and passwords or steal those passwords through other methods, systems protected by User Behavior Analytics would still be able to detect the attempted intrusion with the stolen password and lock the intruder out.

Without UBA, every time a user logs into your system you are forever waiting for that other shoe to drop. Is this the legitimate user? Is this one? You won’t know until a hacker strikes, and then it’s too late.