<p>The news broke over the weekend that Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients’ network had been breached and data stolen. The emails pretended to warn about a “sophisticated chain attack” from an advanced threat actor, whom they identified as Vinny Troia. Troia is the head of security research at the dark web intelligence companies NightLion and Shadowbyte.</p>
<p>Email is the centre of the digital universe for individuals and organisations. Not only is it the route through which criminals can gain access to an organisation, but if compromised, can be used to send malicious emails to unsuspecting victims who trust the source. It’s why protecting email is vital. And people should be aware and mindful of all emails, especially unexpected emails or ones which appear to be asking for things out of character. When in doubt, people should notify IT departments and not respond.</p>
<p>The compromise of FBI infrastructure to send spoofed emails does not appear to be targeting the organisations the emails were sent to, due to the lack of links or attachments, but was used instead to spread propaganda against a target that the hackers have been feuding with for years. This type of attack against a known brand such as the FBI is an indicator the hackers may be getting more brazen. The FBI has reported that no personally identifiable information was compromised and the vulnerability was fixed. However, this compromise should serve as a warning to organisations that phishing campaigns can be much more sophisticated and targeted to evade not only technical controls, but can also circumvent any anti-phishing training an organisation may have in place, particularly when the emails are originating from a trusted source or known email account.</p>
<p>Governments and private individuals all use or interact with many digital systems. Whether through misconfiguration or errors in the software, such systems are vulnerable to cyber-attack, ransom, and data loss.</p>
<p>Although system manufacturers, and those configuring a system, are increasingly aware of security by default principles, there is a persistent 70% of reported software vulnerabilities that can lead to exploitation by cyber criminals. The UK government has an initiative with industry called <a href="https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUWf47qQzlDP7HxKeVXpSw1Q-3D6Jd1_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQkZnSjWOytMg-2FYouKFkUIQdIXeJZ3QME4A3n8YDj9SkG87-2FoGHsgaBBOBu5vrObdg5pyAi7C2oCz1nbvTh3IcoiLpv-2BgJRP1LJ4HIxefSB-2BWBPyvaoBq-2BBZzC9bnwnv1tgift2ZcyJ3rTL6WChsxL9CmH-2FDuhLnQZ20FOoH9TXSJCum1oUQyoos-2BB0MoZtf4P7gX2fIx1ITDmMJ6eARFCm3GsIt-2BiPUp6anMdiAgWZU0M" target="_blank" rel="noopener">Digital Security by Design</a> that aims to block this significant class of vulnerability from being exploited through a fundamental change in the underpinnings of the underlying hardware.</p>
<p>It’s unfortunate that a simple modification of the traffic between a user and this web application allowed the attacker to generate a slew of emails from a legitimate address. While this attack certainly generated attention, a more targeted and less ‘noisy’ attack could have done significantly more damage. This incident highlights the importance of a secure software development program, web application testing, and security configuration management. This attack could have been stopped at multiple points in its lifecycle.</p>
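<p>The comment above describes the root cause only as a modification of the traffic between a user and the web application that let the attacker generate emails from a legitimate address. The following is an added, constructed example (not code from the FBI, this article, or any of the commenters) of the general pattern behind that class of bug and the server-side fix for it: a handler that assembles an email from client-supplied fields beside one that takes only an allowlisted message id and derives sender, recipient and content from server-side state, with a per-account rate limit so a single session cannot produce a slew of messages. The template ids, sender address and session fields are all assumptions for the illustration.</p>

```python
"""Added example: a web endpoint that sends a confirmation email.

trusting_handler() builds the message from whatever the client posted,
so anyone who edits the request can choose recipient, subject and body.
HardenedHandler takes only an opaque message id from the client and
derives everything else on the server side. Constructed example; not
the FBI's code or any real application's code.
"""
import time
from dataclasses import dataclass
from email.message import EmailMessage

# Hypothetical server-side templates keyed by an allowlisted id.
TEMPLATES = {
    "account_confirmation": (
        "Your account request was received",
        "Hello {name},\n\nYour request to the portal has been logged.\n",
    ),
}
SENDER = "no-reply@portal.example"  # constructed; fixed on the server, never from the request


@dataclass
class Session:
    """Server-side session state. The address was verified at registration."""
    user_id: str
    email: str
    name: str


class RejectedRequest(Exception):
    pass


def trusting_handler(form: dict) -> EmailMessage:
    """Vulnerable pattern: recipient, subject and body all come from the client."""
    msg = EmailMessage()
    msg["From"] = form.get("from", SENDER)
    msg["To"] = form["to"]
    msg["Subject"] = form["subject"]
    msg.set_content(form["body"])
    return msg


class HardenedHandler:
    """Server decides who gets what; the client only picks an allowlisted template."""

    def __init__(self, max_per_hour: int = 3, clock=time.time):
        self.max_per_hour = max_per_hour
        self.clock = clock          # injectable for tests
        self._sent = {}             # user_id -> list of send timestamps

    def _rate_limited(self, user_id: str) -> bool:
        now = self.clock()
        window = [t for t in self._sent.get(user_id, []) if now - t < 3600]
        self._sent[user_id] = window
        if len(window) >= self.max_per_hour:
            return True
        window.append(now)
        return False

    def handle(self, session: Session, form: dict) -> EmailMessage:
        # Reject any field the endpoint does not expect, rather than ignoring it.
        extra = set(form) - {"message_id"}
        if extra:
            raise RejectedRequest(f"unexpected fields: {sorted(extra)}")
        template = TEMPLATES.get(form.get("message_id"))
        if template is None:
            raise RejectedRequest("unknown message id")
        if self._rate_limited(session.user_id):
            raise RejectedRequest("rate limit exceeded")
        subject, body = template
        msg = EmailMessage()
        msg["From"] = SENDER              # fixed sender
        msg["To"] = session.email         # recipient from the session, not the form
        msg["Subject"] = subject          # subject from the server-side template
        msg.set_content(body.format(name=session.name))
        return msg


def is_rejected(handler: HardenedHandler, session: Session, form: dict) -> bool:
    """Helper for checks: True if the hardened handler refuses the request."""
    try:
        handler.handle(session, form)
    except RejectedRequest:
        return True
    return False
```

<p>The design point is that the client's request carries no content that ends up in the message: the only client-controlled value is a key into a server-side allowlist, and the recipient comes from authenticated session state, so tampering with the request cannot change who receives what. The rate limit is the second control the comment alludes to; even a legitimate template should not be triggerable in bulk from one account.</p>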