The FBI has sent out a confidential warning to American businesses about an imminent threat of hacking by Iranian hackers who may, or may not, be state sponsored. The attack appears to be focused on the always vulnerable educational institutions as well as energy companies, airlines and defense contractors. The FBI warning provides detailed technical information about the different types of malware used in the attack as well as information about techniques such as spear phishing that are being used by the hackers to enable their malware to be unwittingly downloaded on to the computer networks of the targeted companies. Spear phishing, as you may remember is a technique whereby the victim receives a seemingly legitimate email message addressed to the victim by name that lures the victim into clicking on a link that downloads the malware used to attack the company.
This particular Iranian hacking scheme may be the same one recently identified as Operation Cleaver by the security firm Cylance recently that uncovered attacks on more than fifty companies in sixteen countries including the United States. As for us as individuals, we need to recognize that regardless of how careful we are at protecting the security of our own personal information, that information, as seen in the recent Sony hacking is only as safe as the companies with the weakest security practices that hold our information. Therefore, whenever possible you should limit the companies and governmental agencies that have your personal information.