Spear phishing latest threat to Airmen, Air Force mission

  • Published
  • By Staff Sgt. Shad Eidson
  • 354th Fighter Wing Public Affairs
EIELSON AIR FORCE BASE, Alaska --  Advances in technology are helping the United States military increase mission effectiveness. Unfortunately, since it is hard for enemy forces to attack the Air Force military directly, they are trying to defeat Airmen by turning to those same advances as well.

There is a rise in attempts at gaining access to defense information through highly targeted attacks called spear phishing. These are not the mass-emailed fire-and-forget identity theft scams that have been around.

"We are getting more and more electronic attacks each month on base," said Tech. Sgt. Cory Tayman, NCO in charge of wing information assurance office. "The numbers of attacks have increased by almost by 45,000 in the past 30 days and the more recent ones are spear phishing types of attacks."

These attackers choose a specific organization or person and usually have a thorough understanding of the target's organization. Sometime these e-mails appear very genuine with legitimate operational terms and key words in them.

The identifiers that normally would flag a warning sign may not be there. There are now ways to spoof the 'From' field of an email so it looks like it came from a legitimate address, such as from an office the receipt works with regularly. On the other hand, the message may actually come from a legitimate e-mail account that was compromised by an early successful spear phishing attack.

This can occur when the attackers obtain someone's login credentials and e-mail contacts in their address book in order to obtain more accounts.

The goal is to attack the mission first through compromising network integrity and second by gaining military members' personal information to attack Airmen and disrupt their ability to accomplish the mission. While the attackers attempt to grind the Air Force mission to a halt, an acceptable alternative includes just slowing the mission down.

Generally, the attacker's primary focus is to get a recipient to open an attachment or follow a web link that may install malicious software.

"The best thing anyone can do is be aware of what you're reading. If it is too good to be true, it probably is," Sergeant Tayman said. "If there is no digital signature in an official e-mail, that should raise a red flag. To that end, everyone needs to ensure their e-mail account is set to digital sign all emails by default."

Digital signatures are one way the integrity of an e-mail can be checked. If an e-mail is manipulated sometime between the time of digital signature and the intended recipient, the signature mark will be marked to indicate it is not the original message.

Digital signatures also help prevent a negative side effect of a current countermeasure. 

Spam attacks and their malicious attachments can be caught by up-to-date spam and antivirus programs because they've been identified. These programs are also able to catch new threats by using filters that look for common identifiers. Unfortunately, they sometimes tag valid e-mails as spam and quarantine them.

Besides digitally signing official emails, Airmen can also combat spam threats by submitting suspected e-mails to PACAF. For more information, contact your Information Systems Security Officer or call the Wing Information Assurance Office at 377-2815.