Military, agencies to phish their workers

The military services and some agencies, including the Homeland Security Department and the Department of Veterans Affairs, can now launch diagnostic phishing attacks against their own workers.

Phishing is a technique of tricking or coercing users into giving up personal information, revealing log-in names and passwords or visiting malware or virus-infected Web sites. The government-sanctioned attacks will be designed to test how well federal workers adhere to organization's e-mail security policies.

The agencies will launch the attacks with Core Security Technologies' CORE IMPACT penetration testing software. The IMPACT software will send keep track of how many employees click on the malicious links. With that information, agencies can gauge the effectiveness of their IT security education program.

“Businesses are recognizing the severity of client-side attacks and are demanding solutions that help them more accurately evaluate their potential exposure,” Paul Paget, chief executive officer at Core Security, said in a statement released today.

Organizations also can use the penetration testing software for spear phishing, a highly specialized form of phishing attack that targets information relevant to the organization under attack.

Phishing attacks have become the favored method for attackers. According to the United States Computer Emergency Readiness Team's quarterly trends and analysis report, phishing accounts for nearly 84 percent of all attacks reported to the computer security agency.

Other agencies with plans for using the Core Security software include the Labor, Energy and Agriculture departments, the National Institute of Standards and Technology, the U.S. Agency for International Development, the U.S. Courts and the U.S. Postal Service.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected