New "Spear Phishing" Attacks Target IT Admins
snydeq writes "A new breed of 'spear phishing' aimed at IT admins is making the rounds. The emails, containing no obvious malicious links, are fooling even the savviest of users into opening up holes in their company's network defenses. The authentic-looking emails, which often include the admin's complete name or refer to a real project they are working on, are the product of tactical research or database hacks and appear as if having been sent by the company's hosting provider. 'In each case, the victim remembered getting a similar sort of email message when they first signed on with a service and, thus, thought the bogus message was legitimate — especially because their cloud/hosting providers keep bragging about all the new data centers they're continuing to bring online.' The phishing messages often include instructions for opening up mail servers to enable spam relaying, to disable their host-based firewalls, and to open up unprotected network shares. Certainly fodder for some bone-headed mistakes on the part of admins, the new attack 'makes the old days of hoax messages that caused users to delete legitimate operating system files seem relatively harmless.'"
Try "fishing for noobs", not admins. (Score:5, Insightful)
Why on Earth would I do that at the whim of my ISP or web host? I've actually gotten into arguments with known, real providers that insisted they needed access to my network to work properly (correct response - "No, no you don't - and neither does your competition"), I sure as hell wouldn't say "Oh, you have a new service? Cool, guess I'll chuck that Sonicwall in the trash now...".
This may target "your nephew who does your computer stuff at the office", but it sure as hell doesn't target IT professionals.
Re:Heh (Score:5, Insightful)
We host our mail and web ourselves. At the same time, I don't give a fuck how legitimate an email looks, if it sends me instructions to open my mail server or firewall, I'm going to be on the phone to my ISP ASAP.
Re:So when did text have to become an active paylo (Score:4, Insightful)
Something doesn't make sense here... (Score:5, Insightful)
I think by definition, you are not the savviest of users if you fall victim to a phishing attack.
An overworked sysadm is like a texting driver (Score:5, Insightful)
Re:Something doesn't make sense here... (Score:4, Insightful)
Moral of the story: question everything that comes over the wire, especially these days. Any insane requests such as the ones described in the article ought to be verified either in person or on the telephone, with you initiating the contact to a trusted source, otherwise you're pretty much just asking for trouble.
Re:Don't use Admin-enabled as your standard accoun (Score:5, Insightful)
In Linux, people seem to add their ssh key so you can log on to pretty much every computer in your network.
Spreading your public key around like that isn't a big deal. It's when the user removes the password from the private key so he never has to type anything to log in, THAT's the real bad one.
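An added example, not part of the original thread: one way to audit a directory such as `~/.ssh` for the passphrase-less private keys the last comment warns about. The function names and sample keys are assumptions made for illustration; the samples are constructed headers with no key material.

```python
import base64
import pathlib
import struct

MAGIC = b"openssh-key-v1\x00"  # magic of the OpenSSH native private key format

def key_is_encrypted(text):
    """True if the private key text is passphrase-protected, False if not.
    Raises ValueError when the text is not a recognised private key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM private key")
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(MAGIC)
        n = int.from_bytes(blob[off:off + 4], "big")
        if not blob.startswith(MAGIC) or len(blob) < off + 4 + n:
            raise ValueError("bad or truncated openssh-key-v1 blob")
        # First field after the magic is the cipher name; "none" = no passphrase.
        return blob[off + 4:off + 4 + n] != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True   # PKCS#8, encrypted
    if header == "-----BEGIN PRIVATE KEY-----":
        return False  # PKCS#8, unencrypted
    # Legacy PEM (RSA/DSA/EC): encryption is announced in a Proc-Type header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])

def find_unprotected(directory):
    """Names of files in `directory` that hold a passphrase-less private key."""
    hits = []
    for path in sorted(pathlib.Path(directory).iterdir()):
        try:
            if path.is_file() and not key_is_encrypted(path.read_text(errors="replace")):
                hits.append(path.name)
        except ValueError:
            pass  # public keys, known_hosts, config and other non-key files
    return hits

def sample_openssh(cipher, kdf):
    """Constructed sample: a well-formed header with NO key material after it."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = MAGIC + field(cipher) + field(kdf) + field(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE_LEGACY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                 "-----END RSA PRIVATE KEY-----\n")  # constructed, no key material
```

Calling `find_unprotected` on a user's key directory returns the file names worth following up on; public keys and other files are skipped.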