Spear-phishing attacks take two more national labs offline

The Department of Energy’s Pacific Northwest Lab (PNNL) in Richland, Wash., and Jefferson National Lab in Newport News, Va., suffered recent cyberattacks and responded by suspending email and internet connectivity, according to various media reports. Battelle, which operates PNNL, was also targeted.

Officials at the labs said that no classified information was compromised, according to the Associated Press. They did not comment on the type of attacks that occurred.

The attacks and response appear similar to what happened to the DOE’s Oak Ridge National Lab in April. In the Oak Ridge case, a spear-phishing attack injected data-stealing malware into the lab’s networks, prompting it to shut down email and internet access.

E-mails that appeared to come from the human resources department and concerned employee benefits were sent to several Oak Ridge lab employees. The e-mail lured employees into clicking a link for more information on the benefits, thereby launching the malware.

While PNNL and Jefferson have not said what type of attack they suffered, their response is identical to Oak Ridge’s, suggesting that the attacks were similar.

Ken Liao, senior product marketing manager at Proofpoint, told Infosecurity that his firm has seen a steady rise of spear-phishing attacks on all types of organizations. These attacks are difficult to stop because spam filters usually do not detect them due to their low volume and targeted nature.

Liao noted that the RSA attack, which resulted in the compromise of its SecurID tokens, was the result of a spear-phishing attack. The RSA breach occurred because an employee opened a spear-phishing email that had been caught by the company’s spam filter and quarantined. The employee apparently thought that the email was quarantined by mistake and opened the attachment, launching the attack, Liao explained.

“At its core, you could think of a spear-phishing attack as me writing an email to one specific individual pretending to be someone else and asking for credentials. That is extraordinarily hard to detect because it is being sent to one individual. It is not an automated message. This is what makes spear-phishing a very difficult problem to address in general”, Liao said.
