On December 21, 2011 the Wall Street Journal reported that U.S. Chamber of Commerce was hacked. Many of the major media outlets are all re-publishing the report. But, if you look at the fine print you will discover that the attack occurred back in November 2009 and was discovered in May 2010. That left the Chamber’s 3 million company members uninformed and their information vulnerable for two years as the FBI and cyber investigators analyzed the attack. Now these 3 million companies are going to have to check what information might have been gathered and then inform their own customers. That will cost them time and money for unscheduled activities. It’s the domino affect.
It seems the attack used the tried-and-true strategy we see every day. An employee received a phishing or spearphishing email with a spyware attachment. The employee opens the attachment link not knowing that they have affected the network. The spyware is able to capture employees and/or administrators passwords to have unfettered access to all the accounts. Remember, IT is unable to identify a breach when a legitimate User Name and Password is entered. Read More→