Security Bytes

Sep 16 2010   3:11PM GMT

Intel CISO on ‘Here you have’ worm, spear phishing



Posted by: Eric Parizo
Tags:

BOSTON — At the Forrester Research Inc. Security Forum 2010 this morning, Intel Corp. CISO Malcolm Harkins spoke to attendees about the chip giant (and soon-to-be McAfee owner)’s security program and strategies, but offered a few other notables as well that are worth sharing:

  • Speaking briefly about the threat landscape, Harkins specifically noted that the proliferation of downloadable mobile apps has caused a number of security concerns for individuals and companies alike, but that the poor security measures built into these low-cost apps shouldn’t catch anyone off-guard. “What kind of security do we think we’ll get for 99 cents?” That was arguably the quote of the day so far, drawing a hearty laugh from the crowd.
  • He revealed that Intel was struck by the “Here you have” email worm that made the rounds last week. He said that of Intel’s 80,000 employees, approximately 4,000 of them clicked on the malicious link in the email, and more than 400 were infected. Harkins tried to put a positive spin on it, saying that infection number could have been much worse, and that these sorts of attacks will always pose a threat because it’s human nature to want to check them out.
  • Finally he shared an amusing story about a senior executive at Intel who not long ago┬álearned about spear phishing the hard way. During a period when the company was embroiled in an antitrust lawsuit, the executive received an official-looking email, claiming to be information from the court about a subpoena requiring the exec to make a court appearance. Curious, since the email contained valid information including real court dates and the names of attorneys in the case — all public information — he clicked on the link in the email to learn more. As it turned out, Harkins said, it was a targeted spear phishing message that, as soon as the link was clicked, maliciously extracted the content of his browser cache, including bank account usernames and passwords. While none of Intel’s sensitive information was breached, the incident, he said, had a silver lining: “He learned his lesson,” Harkins said. “Don’t click on [expletive].”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: