14 DAY TRIAL // We’ve had an interesting interview on the attacks of the Syrian Electronic Army (SEA) with Gordon MacKay, executive vice president and chief technology officer at network security company Digital Defense, Inc.
As most of those who follow the work of the Syrian Electronic Army know, one of their main “weapons” is spear phishing attacks. The hackers have successfully used this attack vector to compromise the systems of numerous high-profile organizations, including Melbourne IT, Outbrain, Reuters, and The Daily Dot.
While phishing is not considered a sophisticated mechanism, the SEA’s attacks clearly show that it can be highly effective.
“Although phishing is not considered a very complex hacking mechanism, the conscious use of this strategy and the manner in which it was executed, clearly show an advanced level of intelligence, and organization behind the SEA,” MacKay has told Softpedia.
“Several experts criticize SEA stating the hacking techniques used are not advanced. While I agree with this, I instead point out SEA members were wise to not use advanced methods since lesser sophistication is not as costly to the attacker and therefore provides SEA with more return on investment,” the expert added.
“With that, one can argue they are effective planners as they have technical ability and understand the economics of warfare.”
It’s clear that spear phishing attacks can pose a significant threat to organizations. So what are the keys to mitigating them?
There are several solutions that can be used to protect an organization, including employee security training, email sandboxing, and real-time analysis and inspection of web traffic.
MacKay says that organizations should focus on employee training and either one of the other two options.
“Any overall risk management program should include employee security training,” he said.
Check out the complete interview. It contains an anatomy of the Outbrain hack, and other useful advice on how to secure an organization.