Employees of Oak Ridge National Laboratory, headquartered in Tennessee, were cut off from the Internet after the federal lab was forced to take its connection down in response to a spear phishing attack.
According to the federal government lab, only a couple of megabytes of information were taken by the criminals before it was discovered that data was being transferred out of the lab's servers. The lab is still not able to say for certain what information was present in the stolen data.
The lab's first step was to promptly disconnect Internet access across the entire facility to stop the attackers from stealing any more confidential information.
Oak Ridge National Laboratory is sponsored by the US Department of Energy and managed by UT-Battelle. The lab performs energy and security research for the United States government. Its research also covers cybercrime, with a sharp emphasis on software and hardware failures, including phishing attacks.
The attack was described as 'sophisticated', on a par with last month's sustained attacks on RSA.
An Internet Explorer zero-day flaw was used to install malware on the computers of users who visited the malicious website. The spear phishing email, purportedly sent by the lab's human resources department, was delivered to the lab's employees. It contained information on employee benefits as well as a link to the malicious website, which downloaded malware onto users' computers when visited.
A couple of weeks earlier, the online marketing firm Epsilon had fallen prey to a similar spear phishing attack and suffered huge losses, with millions of banking and retail customers affected.
The original plan was to compromise the entire organization, but fortunately the attackers managed to install malware on only two computers.
Of the lab's roughly 5,000 employees, only about 530 received the email in their inbox and just about 57 of them clicked on the link. Luckily, only two computers were infected with the malware.
The breach was noticed by lab administrators when they saw data being transferred out of their servers. The malware was so persistent that even after staff cleaned up the initial infection, additional servers began transferring data out.
The malware had been present for at least a week before it went active and began the transfer. Soon after the discovery the lab shut down Internet access, which allowed it to wipe every malware-infected machine.
This is the second attack of its kind on the lab. The lab faced a similar spear phishing attack in 2007, when a breach of its non-confidential database allowed hackers to take numerous names, Social Security numbers and dates of birth.
The latest news from the lab stated that while employees were allowed to use email, they were told not to send or receive any attachments.