Appendix A of this report meets the FFA milestone for the Annual Removal Action Report for the period FYs 1991-95. The FFA Quarterly Report meets an FFA milestone defined as 30 days following the end of the applicable reporting period. Publication of this document meets two FFA milestones. This work was performed under Work Breakdown Structure 1.4.12.2.3.04 (Activity Data Sheet 8304). The reporting period covered in this document is October through December 1995.

According to Zacharia, the intrusion came in the form of a spear-phishing email sent to lab employees on April 7.

This Oak Ridge Reservation Federal Facility Agreement Quarterly Report for the Environmental Restoration Program was prepared to satisfy requirements for progress reporting on Environmental Restoration Program (ER) activities as specified in the Oak Ridge Reservation Federal Facility Agreement (FFA) established between the US Department of Energy (DOE), the US Environmental Protection Agency, and the Tennessee Department of Environment and Conservation.

The e-mail, purportedly sent from the human resources department, discussed employee benefits and included a link to a malicious web page, where malware exploited the IE vulnerability to download additional code to users' machines.

The attackers cast their net wide in the company, but hooked only two computers in the phishing scheme, Zacharia said. About 530 employees received the e-mail - out of about 5,000 workers - but only 57 people clicked on the malicious link in the correspondence. Of those, only two machines were infected with the malware.

The lab began to block the malicious emails soon after they began coming in, but it was already too late. On April 11, administrators discovered a server had been breached when data began leaving the network.
Workers cleaned up the infected system, but early Friday evening "a number of other servers suddenly [became] active with the malware," Zacharia said. The malware had apparently lain dormant for a week before it awoke on those systems. That's when the lab blocked internet access.

Zacharia said the malware "masked itself" on systems and was designed to erase itself if it tried to compromise a system and was unsuccessful. "We are still trying to fully characterize the malware so we can completely eradicate it," he said.

He was unable to say what the attackers stole or where the pilfered data went. The exfiltrated data was encrypted, and its destination is still being investigated. He said, however, that investigators from "sister labs" and other government agencies were "having some successes" in decrypting the data and analyzing the code. He would not say whether encryption experts from the National Security Agency were among those assisting the investigation.

The lab had begun to restore limited e-mail usage for workers on Tuesday afternoon, but employees were still being prevented from sending or receiving attachments.

It's not the first time the lab has been breached through spear phishing. In 2007, a similar attack allowed hackers to access a nonclassified database at the lab and gain access to thousands of names, Social Security numbers and birth dates belonging to anyone who had visited the lab between 19.