What is spear phishing?
Firstly,I would like to explain something more about spear phishing. Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seekingunauthorized access to confidential data. As with the e-mail messages used inregular phishing expeditions, spear phishing messages appear to come from atrusted source. Phishing messages usually appear to come from a large andwell-known company or Web site with a broad membership base, such as eBay orPay Pal.
In the case of spear phishing, however, the apparent source of the e-mail islikely to be an individual within the recipient's own company and generallysomeone in a position of authority. From what I've read somewhere, spearphishing attempts are not from random hacker, they are more likely conducted bysophisticated groups out for financial gain, trade secrets or militaryinformation.
In Toronto, computer hackers infiltrated some Canadian government computer systemsbut were not able to access the classified data they were seeking. Stockwell Day,the president of Treasury Board, which is also a federal administrative agencysaid the attacks were significant but that Canada's cyber security systemsdetected the intrusions and blocked them.
TheCanadian Broadcasting Corporation reported computers belonging to the TreasuryBoard and Finance Department were among the systems infiltrated in earlyJanuary, along with Defence Research and Development Canada, which is aresearch agency within the Department of National Defence. No indications thatany data relating to Canadians was compromised.
Prime Minister Stephen Harper said that federal security agencies were working todeal with cyber threats. The CBC reported the cyber attacks were traced tocomputer servers in China, but no government official would confirm the originsof the attacks.
The report said hackers were using a technique known as spear phishing, whichinvolves impersonating bureaucrats via their e-mail accounts to snoop aroundgovernment computer systems and steal key passwords that unlock government datasystems.
No comments:
Post a Comment