18 April 2015
In the report ‘“Phishing email” the key to hacking of TV5 Monde’, published 14 April 2015 on thelocal.fr, we read:
“According to a source close to the investigation cited by Europe 1, the hack started with a “phishing” email that was sent to all journalists at the TV channel at the end of January.
Three journalists responded, allowing the hackers to infiltrate the channel’s system using so-called “Trojan Horse” malware (malicious software).”
You may remember the Anthem cyber-attack some weeks ago. The credentials of five employees were phished and used by the cyber attackers to steal millions of customer data sets. Cyber-attacks very often start with phishing emails. Even if only a few employees respond, it always ends in a catastrophe.
Would risk management have prevented the TV5 Monde attack? Definitely not!
In the TV5 Monde case it is very likely that the Trojan Horse would have been detected by a properly configured anti-malware scanner on the mail-in server. For details please see my post ‘Free email providers are preferred distribution channels for malware’.
@Mr. Oettinger. It’s time to start a truly useful European initiative:
‘Email providers shall run an in-depth scan of every email when it is posted to the mail-in server. If an email contains a malicious object it must be rejected!’
It is very likely that the TV5 Monde attack could have been prevented if a next-generation firewall had been used to run an in-depth scan of the phishing mails.
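The kind of in-depth scan proposed above, as an added example (not code from this post or from any product): every MIME part is decoded, ZIP archives are opened recursively, and the message is rejected at SMTP time if an executable object is found. The extension blocklist, the unpacking limits and all function names are assumptions, and the sample mail is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_MAGIC = (b"MZ", b"\x7fELF")             # Windows PE / Linux ELF headers
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".jar", ".lnk")  # assumed blocklist
MAX_DEPTH, MAX_MEMBER = 3, 20 * 1024 * 1024  # assumed unpacking limits

def inspect_blob(name, data, depth=0):
    """Return why an object must be blocked, or None if nothing was found."""
    if data.startswith(EXEC_MAGIC):
        return f"executable content in {name}"
    if name.lower().endswith(RISKY_EXT):
        return f"blocked file type {name}"
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return f"archive nested too deeply at {name}"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:      # encrypted: cannot be inspected
                    return f"encrypted archive member {info.filename}"
                if info.file_size > MAX_MEMBER:
                    return f"oversized archive member {info.filename}"
                reason = inspect_blob(info.filename, zf.read(info), depth + 1)
                if reason:
                    return reason
    return None

def smtp_verdict(raw_message):
    """Scan every MIME leaf part and return the SMTP reply for the message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in (p for p in msg.walk() if not p.is_multipart()):
        data = part.get_payload(decode=True) or b""
        reason = inspect_blob(part.get_filename() or part.get_content_type(), data)
        if reason:
            return f"550 5.7.1 Message rejected: {reason}"
    return "250 2.0.0 OK"

def build_sample(member_name, member_data):
    """Constructed test mail: a short text body plus one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_data)
    msg = EmailMessage()
    msg.set_content("Please see the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="schedule.zip")
    return msg.as_bytes()
```

Checking the file header as well as the name means an executable renamed to a harmless-looking extension inside an archive is still rejected, and encrypted archive members are refused because they cannot be inspected.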
Have a good weekend!