Spear Phishing Anyone?

A+, ,

Spear Phishing

Spear Phishing Review:

If you took my CompTIA A+ 220-902 course, you remember we discussed spear phishing. As a quick review, phishing is when we have email that looks legitimate, but is really faked. It is typically an attempt to gain our personal information, or to spread malware at the very least. Spear phishing can be much more successful since it will be much more targeted. The emails might look to be from people you know in your organization, or they might already have some information about you so they look even more legitimate.

Spear Phishing in Action:

So how could something like this happen…really! Well let’s examine a recent case of it!

Here we have the true story of Charles Harvey Eccleston, an environmental scientist formerly employed by the Energy Department and the Nuclear Regulatory Commission. For unknown reasons, but enough to really anger him, Eccleston was terminated from the NRC in 2010.

Fast forward to April 2013, when Eccleston offers to provide an unnamed foreign government with more than 5,000 email addresses of all Energy Department employees for $19,000. He indicates that if the foreign government does not take the offer, he will offer the information up to China, Iran or Venezuela. He is of course selling the email addresses so that they may launch spear phishing attacks.

Thankfully the FBI catches wind of this and sets up a sting operation. In January 2015, the FBI has him target more than 80 Energy Department employees in Washington and at four national nuclear labs. The spear phishing emails contain what Eccleston thinks are links to malicious websites.  He is led to believe that, if activated, the sites could infect and damage computers. Obviously the FBI ensures that no malicious code ever gets transferred. The FBI pays Eccleston $9,000 for the fake operation and thanks him for the 1,200 email addresses (they already had!).

Eccleston now enjoys 18 months in prison for pleading guilty in February 2016 to one charge of attempting to damage protected government computers. Oh yeah, and he also has to pay back that $9,000. 🙂
Cisco Expert Level Training Programs for CCIE Routing and Switching v5.0 468x60 white

Seven New Courses in Routing and Switching Coming from CBT Nuggets

CCIE R&S, CCNA R&S, CCNP, General Technology, Juniper, ,

Routing and Switching

Overview:

I was thrilled to be tasked with creating new Nuggets on the topic of Enterprise Routing and Switching for Juniper networks. I quickly decided on two important approaches for this new training. First, I decided to break the topic up into seven courses so that I could really go into great detail. Second, I decided to separate these Nuggets clearly on theory, then Juniper specific stuff. This will be great for Cisco, Arista, HP, and other students that want to learn these important technologies, but could care very little for how specifics are carried out on Juniper gear.

The New Routing and Switching Courses:

Here is the breakdown of the new courses:

  • JNCIS-ENT(JN0-343)- Layer 2
  • JNCIS-ENT(JN0-343)- Layer 2 Security
  • JNCIS-ENT(JN0-343)- OSPF
  • JNCIS-ENT(JN0-343)- IS-IS
  • JNCIS-ENT(JN0-343)- BGP
  • JNCIS-ENT(JN0-343)- Protocol Independent Routing; Tunnels
  • JNCIS-ENT(JN0-343)- High Availability

So have you been longing for more training in some of these areas??? IS-IS perhaps??? These courses are really going to blow you away in their level of coverage, and overall approach.

The First Course – Layer 2:

What minimum topics list will we cover in the exciting first course on Layer 2 technologies? Check it out:

  • Identify the concepts, operation, and functionality of Layer 2 switching
  • Identify the concepts, benefits, and functionality of VLANs
  • Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 2 switching and VLANs
  • Identify the concepts, benefits, operation, and functionality of the Spanning Tree Protocol
  • Demonstrate knowledge of how to configure and monitor STP and RSTP

Don’t miss this incredible opportunity to boost your knowledge of core routing and switching topics!
Microsoft Press