FBI attack shows all are vulnerable to phishing


By Dylan Bushell-Embling
Thursday, 18 November, 2021
FBI attack shows all are vulnerable to phishing

Last week’s successful cyber attack on the US FBI should serve as a wake-up call to businesses that any organisation is vulnerable to attack, according to StickmanCyber CEO and founder Ajaay Unni.

Attackers were able to compromise the FBI’s Law Enforcement Portal by exploiting a software misconfiguration, sending out spam emails to 100,000 recipients.

“Although the motives of the hacker aren’t clear and no actor was able to access or compromise any data or personally identifiable information (PII), it should serve as a warning that if the FBI, arguably one of the world’s largest security enterprises, is unable to spot a vulnerability in their system, every business needs to be extra vigilant to ensure they maintain great cyber hygiene practices,” Unni said.

“Phishing methods such as email spoofing can have devastating effects on the reputational and operational health of a business. They are typically used by malicious actors to mislead recipients into divulging sensitive information or enabling access to systems and networks by posing as a credible source.”

Unni said it is becoming vital for businesses to have a comprehensive training and awareness program to ensure staff are vigilant against impersonation attacks.

Employees should also be on the lookout for red flags such as bad grammar and spelling, questionable messaging alluding towards some sort of cash prize or riches, or an element of urgency tied to an unusual request.

“Employees should follow best practices when interacting with emails — avoiding clicking on any suspicious links or attachments, instead opting to type out the official domains in their browsers or even copying and pasting the message in a search engine to identify if an attempted phishing attack may have already been reported,” Unni added.

“Even if the email looks legitimate, always forward it to the cybersecurity department to perform a check and/or call the sender to confirm if it actually came from them.”

Image credit: ©stock.adobe.com/au/smolaw11

Related News

Commvault arranges to buy Appranix

Cyber resilience provider Commvault plans to leverage its acquisition of Appranix to help...

Fujitsu establishes security consulting division

Fujitsu's new digital security consulting division will help organisations prepare for and...

Unstoppable Domains joins GlobalBlock initiative

Web3 domain name service provider Unstoppable Domains has joined the GlobalBlock initiative to...

Content from other channels on our network

EV future for Monash Uni

Shell Cove battery launched on NSW South Coast

Million-dollar rooftop solar for Kimberley hospital

Protecting wildlife from electrical assets — and vice versa

Immersive VR training for electricians

'Curving' light beams could enable terahertz comms

Panasonic offers private 5G network testing in Munich

Antenna upgrade enables better sewer management

60 million Aust drone flights predicted for 2043

The fire on Marley's Hill

Machine learning used to create fabric-based touch sensor

Hybrid sodium-ion battery can be charged in a few minutes

Researchers develop energy-efficient probabilistic computer

Wearable sensor measures real skin feel

Monash University home to three electron microscopes

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd