It is being reported that the emails of executives and other employees of the U.S. Treasury Department’s Office of the Comptroller of the Currency were hacked, with the agency blaming longstanding vulnerabilities for the breach.
The breach involved unauthorized access to highly sensitive information relating to the financial condition of federally regulated financial institutions.
Erich Kron, security awareness advocate at cybersecurity company KnowBe4, had this comment:
“It’s always a dangerous situation when bad actors get into legitimate email accounts as these accounts carry with them a level of trust that is not present in spoofed emails.
In many cases, bad actors will piggyback on previous conversations with others in an attempt to get the target to open infected documents or take actions that benefit the attackers. This is much easier for them to do if they are using a previous email correspondence with the victim because people are naturally less skeptical when receiving a message from someone they have previously communicated with.
It’s important that as part of a human risk management plan, employees are taught to always be careful when handling file attachments or unexpected requests, even if they come from a source they have previously communicated with. If in doubt, the request can be confirmed through an alternative form of communication such as a phone call or text message.”
The human element in making an organization secure is a key point. If you don’t have people who have the awareness to spot threats, you’re guaranteed to get pwned.
This entry was posted on April 9, 2025 at 11:15 am and is filed under Commentary with tags Hacked.
US Regulator OCC Says Executives’ Emails Were Hacked