34
69
56
11839 “Without proper defenses, these
THE2
42
In these scams, phishers
pose as the CEO or chief financial officer of a company and
O16
FEDERALLIST
25evidence to suggest the criminals
Wendy’s to realize it had been compromised,”hesaid.“Ittook nearly five months for Wendy’s to detect it had an issue, and then another three months to release a statement about the breach. Then came the news that they discovered more malware that affected even more stores, which then had to be disabled.”
Russian crimeware targeting Oracle’s Micros
director for federal public-sector technology at the IT Alliance
for Public Sector, argued that
it deserves to be on the list because it continues to evolve and demonstrate the ongoing vulnerabilities of legacy systems across the government.
The attack compromised the personal information of 21.5 million current, former and prospective federal employees and contractors.
Federal officials “are still continuing to discover that more people were exposed,” Walker said. “You’re going to see more government agencies have issues until they’ve modernized and put the proper protocols and investments in place around
targeted hospitals specifically to
obtain a larger ransom,” he said.
institutions and other critical infrastructure will be targeted by criminals looking for a big payday.”
157
Payroll phishing
7
scams
email employees who have access to tax data. Industry experts have warned that this phishing scam will be a growing threat.
“Many individuals were duped by these emails and replied with the tax records for hundreds of employees,” Olson said. “The scammers used these documents to file fake tax returns and
claim the victim’s tax refund for themselves.”
He cited the common warning that unwary employees can be
the weakest security link. “These attacks demonstrated how simple it can be for a clever scammer to get the information required for fraud when users aren’t skeptical of the
payment systems
mails they receive,” Olson said. e6Malware attack
Ryan O’Leary, vice
president of WhiteHat Security’sThreat Research Center, said the malware attack on point-
of-sale systems at Wendy’s fast food restaurants deserved a spot on the list.
“The concerning thing here is the length of time it took for
None of the experts we polled included this hack in their top three, but it was a milestone
in cyber warfare. It is the first known cyberattack to take out
a power grid. Attributed to the Russian-backed BlackEnergy
APT Group, the attack prompted the Energy Department to seek additional funding to modernize the U.S. electrical grid and harden it against potential cyberthreats. The U.S. government has avoided directly attributing the attack to Russia, even though a number of cyber experts have done so. n
24 September 30, 2016 FCW.COM
on Wendy’s
lack market,” Heath said.
Russian cybercriminals infiltrated Oracle’s Micros division, which
is one of the largest vendors of payment systems for restaurants, hotels and department stores.
Justin Heath, senior security specialist at Vectra Networks,
said such attacks are extremely damaging because point-of-sale systems are easily compromised, and the hacks can affect hundreds of millions of customers and can go undetected for a long time.
“In this case, it is estimated that roughly 330,000 devices were compromised, which means an untold number of consumer records — certainly in the millions — were potentially stolen and could be made available on the
yber.” c9
Russia’s hack
b8
Office of Personnel Management
data breach
Although the hack happened in 2015, Pam Walker, senior
of Ukraine’s
power grid