McAfee Labs has issued new findings today: ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure. The attacks start with phishing campaigns and move on using more sophisticated approaches.
Colin Bastable, CEO at Lucy Security:
“Phishing attacks evolve very quickly: this looks like a trial run, and it will escalate and spread metastatically.
State actors use misdirection, because they are engaged in asymmetric cold warfare, and they will not be concerned about collateral damage. For them, the more the merrier. Cyber criminals will pick it up and run with it – the end results will be the same, regardless of who instigated the attack.
But, because it is a phishing attack it is possible to defend against and mitigate losses from successful attacks.
To successfully defend against such attacks, you must secure people and systems in a holistic model and allow them to evolve together as a single unit. The siloed approach – security systems on one side, people testing and awareness training on the other – is the wrong approach. It is also wrong to focus on decreasing intrusion rates because it only takes one intrusion to ruin a CISO’s day.”
Anthony James, CMO at CipherCloud:
“Operation Sharpshooter is a sophisticated attack campaign likely part of an effort by a nation-state or their proxy to compromise and gather defense information globally. Phishing remains a reliable and competent attack vector which the attackers are successfully using to compromise targeted organizations.
Yes, you can guard and reduce the probability of successful social engineering attacks using techniques like phishing, but you cannot eliminate them all. Attackers will gain access to your internal networks. It becomes critical to protect data, guard against the commonly expected threats, and have the visibility to detect them and rapidly shut them down.
Once attackers acquire credentials, you must be able to ascertain the use of these credentials. Is this user accessing your network at 2 am? Is that normal behavior? Is one of your users trying to log in from Beijing yet they only logged in from Chicago two hours prior? Is a set of credentials being used from an unauthorized non-corporate device or mobile device? Acting upon this type of information is part of the necessary cyber defense counter-balance to meet and defeat the attackers that have successfully penetrated your networks.”
