The military services and some agencies, including the Homeland Security Department and the Department of Veterans Affairs, can now launch diagnostic phishing attacks against their own workers.
Phishing is a technique of tricking or coercing users into giving up personal information, revealing log-in names and passwords or visiting malware or virus-infected Web sites. The government-sanctioned attacks will be designed to test how well federal workers adhere to organization's e-mail security policies.
The agencies will launch the attacks with Core Security Technologies' CORE IMPACT penetration testing software. The IMPACT software will send keep track of how many employees click on the malicious links. With that information, agencies can gauge the effectiveness of their IT security education program.
“Businesses are recognizing the severity of client-side attacks and are demanding solutions that help them more accurately evaluate their potential exposure,” Paul Paget, chief executive officer at Core Security, said in a statement released today.
Organizations also can use the penetration testing software for spear phishing, a highly specialized form of phishing attack that targets information relevant to the organization under attack.
Phishing attacks have become the favored method for attackers. According to the United States Computer Emergency Readiness Team's quarterly trends and analysis report, phishing accounts for nearly 84 percent of all attacks reported to the computer security agency.
Other agencies with plans for using the Core Security software include the Labor, Energy and Agriculture departments, the National Institute of Standards and Technology, the U.S. Agency for International Development, the U.S. Courts and the U.S. Postal Service.
