BreachExchange mailing list archives
HR Departments Part 2: Still Out Phishing?
From: inga () riskbasedsecurity com (Inga Goddijn)
Date: Thu, 17 Mar 2016 14:53:59 -0500
https://www.riskbasedsecurity.com/2016/03/hr-departments-part-2-still-out-phishing/ On March 7th, we reported <https://www.riskbasedsecurity.com/2016/03/hr-departments-gone-phishing/> on a warning issued by the IRS alerting HR and payroll processing departments to be on the lookout for phishing attempts targeting W-2 information. At the time our research identified twelve companies that had fallen for the scam. Now, just one week later, we can report on another twelve organizations that join the ranks of those impacted. The list now includes: Who How Many Impacted Date Occurred Date Reported Hudson City School District <http://www.hudsoncityschooldistrict.com/> Not Disclosed January 21, 2016 January 24, 2016 RightSide Group <http://www.rightside.co/> Not Disclosed Not Disclosed February 25, 2016 DataXu* <https://www.dataxu.com/> Not Disclosed February 18, 2016 March 3, 2016 York Hospital* <http://www.yorkhospital.com/> At least 1,211 February 22, 2016 February 25, 2016 General Communication Inc <https://www.gci.com/> Not Disclosed February 24, 2016 March 4, 2016 Information Innovators Inc <https://www.iiinfo.com/> Not Disclosed February 26, 2016 March 3, 2016 Mansueto Ventures <http://www.mansueto.com/> Not Disclosed February 26, 2016 March 4, 2016 Affinion Group <http://www.affinion.com/> Not Disclosed Not Disclosed March 8, 2016 Seagate Technology <http://www.seagate.com/> Not Disclosed March 1, 2016 March 7, 2016 Turner Construction Company* <http://www.turnerconstruction.com/> Not Disclosed March 2, 2016 March 7, 2016 Endologix Inc <http://www.endologix.com/> Not Disclosed March 3, 2016 March 9, 2016 SevOne <https://www.sevone.com/> Not Disclosed March 7, 2016 March 9, 2016 *Suspected due to the nature of the data taken and description of events, but not confirmed as spear-phishing. At this time there is no public confirmation these attacks were perpetrated by the same actor(s) but one tantalizing detail has come to light suggesting a similar strategy was used. Local reporting on the Hudson City School District attack <http://www.registerstar.com/news/article_3a62bbbc-d1ff-11e5-a857-ebad3df66d41.html> noted, âthe scammer who sent the email used [District Superintendent Maria] Suttmeierâs photograph, email address and titleâ in the phishing email. Likewise, Information Innovators Inc. (aka Triple-i) disclosed in a statutory disclosure letter that âthe criminal also adjusted the display name so that the Triple-I employeeâs name and picture was in the âTOâ field in the response.â We know from the IRS warning and several of the disclosures, the phishing mails sent in these attacks used a technique known as spoofing <https://en.wikipedia.org/wiki/Email_spoofing>, whereby the senderâs real email address is masked and a known individualâs email address appears in its place. Spoofing is a well-known technique, but in at least two of the reported incidents, the person(s) behind the attacks took the time to include relevant photos that would further the illusion of a trusted communication. That appears to demonstrate a level of planning above and beyond a typical spoofed spear-phishing attack. These most recent attacks highlight the central role trust plays in security and how the culture of information sharing is being leveraged for data theft. Some organizations choose publish staff photos and contact information in order to show there are real people standing behind their product or service. As these attacks show, that very same information is being used by against organizations for the very same purpose of creating what appears to be a trusted communication. Teams tasked with employee awareness training should focus attention on how public information â whether itâs made available by the organization itself or culled from social networking sites like LinkedIn â is being used in targeted scams. Only 10 weeks into 2016 and our research shows there have already been over 535 data breaches disclosed and more than 175 million records compromised <https://cyberriskanalytics.com>. 2015 was a record breaking year <http://www.riskbasedsecurity.com/data-breach-quickview-report-2015-data-breach-trends/> with more than 4,027 incidents reported. If the current pace of breach activity continues, 2016 may turn out to be just as extraordinary as 2015 and for all the wrong reasons. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160317/6abfb14a/attachment-0001.html>
Current thread:
- HR Departments Part 2: Still Out Phishing? Inga Goddijn (Mar 17)