This distressing story from Government Computer News focuses on government servers, but there seems to be no reason to assume what is happening isn’t a danger to corporate servers as well.
Tools available to Internet browsers, the writer points out, are becoming more adept at identifying questionable Web sites and stopping phishing attempts. That’s great. But it’s also true that the malware community is clever and never at a loss for what to do. Its response, according to the story and the Symantec release upon which it is based, is to find loosely protected government servers and use them to host phishing sites that attack that government.
It doesn’t sound like it’s all that hard, either. At least some of the servers used by a government will be lightly protected. It’s also particularly dangerous, since the superimposition of the fake site on a real server makes it seem legitimate.
So far, according to Symantec information, the hackers aren’t using the .gov domain name in the United States. But this approach has been seen on servers in 12 nations (Thailand, Indonesia, Hungary, Bangladesh, Argentina, Sri Lanka, Ukraine, China, Brazil, Bosnia-Herzegovina, Columbia and Malaysia). It seems like only a matter of time before it is attempted here.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment