
New "Spear Phishing" Attacks Target IT Admins

snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses. The authentic-looking emails, which often include the admin's complete name or refer to a real project they are working on, are the product of tactical research or database hacks and appear as if having been sent by the company's hosting provider. 'In each case, the victim remembered getting a similar sort of email message when they first signed on with a service and, thus, thought the bogus message was legitimate — especially because their cloud/hosting providers keep bragging about all the new data centers they're continuing to bring online.' The phishing messages often include instructions for opening up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares. Certainly fodder for some bone-headed mistakes on the part of admins, the new attack 'makes the old days of hoax messages that caused users to delete legitimate operating system files seem relatively harmless.'"
  • by MozeeToby ( 1163751 ) on Tuesday March 02, 2010 @05:32PM (#31336024)

    Did you even RTFS? The emails contain instructions for things that the attackers want the admins to do. It's called social engineering, and it's not a computer glitch, it's a critical thinking glitch.

  • I got one today (Score:2, Informative)

    by Anonymous Coward on Tuesday March 02, 2010 @05:44PM (#31336224)

    Posted anonymously. Public company. You get it.

    Anyhow, I've got one from un-named webhost today. (Hint, they were one of the companies that got hit when Google got slammed)

    Whoever it was, they knew my name, and IP addresses that we host some sites on. The ploy was for me to open up all ports to my site to establish a trust to a range they've provided for "enhanced security analysis" that's now "part of their package" as well as email content filtering.

    1. I host Exchange in house. (Even though I hate it)
    2. I host nothing but web @ Host X.
    3. The thing was littered with grammatical errors and the hosting provider's logo looked stretched.

    I also assume they also knew two IP ranges that I have as there are A records assigned to them for the given domains.

  • savvy? (Score:1, Informative)

    by Anonymous Coward on Tuesday March 02, 2010 @05:53PM (#31336362)

    An admin who would "[open] up mail servers to enable spam relaying, to disable ... host-based firewalls, and ... open up unprotected network shares" is not savvy. Any admin who does not guard his or her network with the viciousness of a mother lion guarding the den containing her young, even from the actions of his own coworkers, vendors, and business partners, is worthless. These people are the first and last defense in corporate security.

  • Circa Blackhat 2007 (Score:4, Informative)

    by Spyder ( 15137 ) on Tuesday March 02, 2010 @06:14PM (#31336644)
    Targeting the admins for access was one of the major points in HD Moore and Valsmith's talk [blackhat.com](PDF) from Blackhat US 2007.
