Miranda Tomic

OPM Cyber Attack…
According to Reuters, members of the US government believe that a foreign entity or government is responsible for the recent attack on the Office of Personnel Management (OPM). The US government has publicly accused China of the attack, though the Chinese government has been quick to deny such reports.  The attack was targeted at persons with US Government security clearance applications on file, as these individuals have access to sensitive government information. The personal identifiable information compromised during the attack includes names, addresses, phone numbers, dates of birth, SSN numbers, and work history. This attack highlights the troubling pattern of government involvement in cyberattacks. Due to incidents such as this, the need for proper cyber security is now at an all-time high. 

The Threat…
The OPM attackers will use information that they’ve already acquired from the cyber breach to try and further exploit their targets through “spear phishing” campaigns. Spear phishing is a highly targeted and specific form of phishing whereby attackers try to extract additional sensitive and valuable information. They are able to use data-mining methods to gain additional information about the victims of their attack. They will then use this additional information to create personally tailored emails or pages in an attempt to pass them off as legitimate. They will then attempt use these emails or pages to turn, or even extort individuals. It is important to be on the look-out for attackers who spear phish, as they specifically aim to exploit individuals who hold sensitive information or privileged access.

 Image Credit: McAffeeImage Credit: McAffee

 

A more common threat to be aware of is “phishing.” Unlike spear phishing, which is targeted at individuals who are known to have access to highly sensitive information, Phishing attacks are more general in nature and may be directed at anyone. Various methods might be used, including, but not limited to: fake emails, links, webpages, infected documents, etc. Attackers will design pages to look exactly like the target’s employer or client. They will even go so far as attempting to befriend targets, in order to gain additional information.

How to protect yourself…
Never share ANY privileged information with unknown or questionable sources. Pay close attention to suspicious emails, dubious or random requests, and never give personal information over the phone as hackers have been known to call targets acting as a client or former partner.

 

Whenever transferring sensitive information, it is recommended to encrypt that information. Additionally, the less personal information is used online, the less likely it is that such information will get into the wrong hands. Never share information unless the source is trusted. Always confirm and report suspicious requests to your IT Security team immediately.

The best form of reliable security is prevention. This type of large scale attack on government entities stresses the need for additional security procedures. OPM was prepared to add such procedures, but unfortunately they were too late. Let’s not make this same mistake. It is of the utmost importance to add as many methods of protection as possible, including systems to manage administrators, training, and procedures. As always, never be afraid to ask your IT Security team members a question.

Subscribe to Blog