
New "Spear Phishing" Attacks Target IT Admins

snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses. The authentic-looking emails, which often include the admin's complete name or refer to a real project they are working on, are the product of tactical research or database hacks and appear as if having been sent by the company's hosting provider. 'In each case, the victim remembered getting a similar sort of email message when they first signed on with a service and, thus, thought the bogus message was legitimate — especially because their cloud/hosting providers keep bragging about all the new data centers they're continuing to bring online.' The phishing messages often include instructions for opening up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares. Certainly fodder for some bone-headed mistakes on the part of admins, the new attack 'makes the old days of hoax messages that caused users to delete legitimate operating system files seem relatively harmless.'"

  • by pla ( 258480 ) on Tuesday March 02, 2010 @05:25PM (#31335906) Journal
    The phishing messages often include instructions for opening up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares.

    Why on Earth would I do that at the whim of my ISP or web host? I've actually gotten into arguments with known, real providers that insisted they needed access to my network to work properly (correct response - "No, no you don't - and neither does your competition"), I sure as hell wouldn't say "Oh, you have a new service? Cool, guess I'll chuck that Sonicwall in the trash now...".

    This may target "your nephew who does your computer stuff at the office", but it sure as hell doesn't target IT professionals.
  • Re:Heh (Score:5, Insightful)

    by MightyMartian ( 840721 ) on Tuesday March 02, 2010 @05:37PM (#31336118) Journal

    We host our mail and web ourselves. At the same time, I don't give a fuck how legitimate an email looks, if it sends me instructions to open my mail server or firewall, I'm going to be on the phone to my ISP ASAP.

  • by TooMuchToDo ( 882796 ) on Tuesday March 02, 2010 @05:43PM (#31336204)
    As my first boss and mentor used to say, "You can't fix stupid."
  • by rlthomps-1 ( 545290 ) on Tuesday March 02, 2010 @05:44PM (#31336226) Homepage

    The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses.

    I think by definition, you are not the savviest of users if you fall victim to a phishing attack.

  • by xzvf ( 924443 ) on Tuesday March 02, 2010 @05:48PM (#31336288)
    It is hard to concentrate on multiple tasks at once. While a good sysadmin won't fall for this on the best days, an overworked one will occasionally just do stuff that looks right. If you want real security, any change should require two people (who don't know each other in physically different locations) to implement, an approved change control document that identifies the change and reason for it, and an auditor that follows behind the change to make sure it doesn't open any holes. I'm going for funny on this.........
  • by bsDaemon ( 87307 ) on Tuesday March 02, 2010 @05:58PM (#31336416)
    I once cleared a mail queue of about 50k email messages... just looping through all the IDs and nuking them in Exim (large I/O issue on the server at the time, and I determined it all to be mail related). When someone questioned me on that, I responded with "there haven't been fifty-thousand legitimate emails in the whole history of the internet."

    Moral of the story: question everything that comes over the wire, especially these days. Any insane requests such as the ones described in the article ought to be verified either in person or on the telephone, with you initiating the contact to a trusted source, otherwise you're pretty much just asking for trouble.
  • by Qzukk ( 229616 ) on Tuesday March 02, 2010 @06:47PM (#31337220) Journal

    In Linux, people seem to add their ssh key so you can log on to pretty much every computer in your network.

    Spreading your public key around like that isn't a big deal. It's when the user removes the password from the private key so he never has to type anything to log in, THAT's the real bad one.
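
The risk described in the comment above, as an added example that is not part of the original thread: a Python audit that reads only the container header of each private key file and reports the ones stored without a passphrase. The `sample_header` helper is an assumption built for illustration and emits a truncated header with no key material.

```python
import base64, struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"

def read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def key_protection(text):
    """Classify a private key file's text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label in ("ENCRYPTED PRIVATE KEY", "PRIVATE KEY"):  # PKCS#8 says it in the label
        return "encrypted" if label.startswith("ENCRYPTED") else "unencrypted"
    if label in ("RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"):
        # Legacy PEM flags encryption with a "Proc-Type: 4,ENCRYPTED" header line.
        enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])
        return "encrypted" if enc else "unencrypted"
    if label != "OPENSSH PRIVATE KEY":
        return "unknown"
    try:
        blob = base64.b64decode("".join(l for l in lines[1:] if not l.startswith("-----")))
        if not blob.startswith(MAGIC):
            return "unknown"
        cipher, _ = read_string(blob, len(MAGIC))  # first field after the magic is ciphername
    except ValueError:                             # bad base64 or truncated header
        return "unknown"
    return "unencrypted" if cipher == b"none" else "encrypted"

def find_unprotected(directory):
    """Names of files in `directory` holding a private key with no passphrase."""
    return [p.name for p in sorted(Path(directory).iterdir())
            if p.is_file() and p.stat().st_size < 65536
            and key_protection(p.read_text(errors="replace")) == "unencrypted"]

def sample_header(cipher, kdf):
    """Constructed sample: OpenSSH header fields only, no key material."""
    body = MAGIC + b"".join(struct.pack(">I", len(s)) + s for s in (cipher, kdf))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(body).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
```

Public key files such as `id_ed25519.pub` come back as `unknown` and are not flagged, which matches the distinction the comment draws between spreading a public key and stripping the passphrase from the private one.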
