Three fuels for ORNL cyber attack
There were reportedly three unfortunate things that enabled the cyber attack at Oak Ridge National Laboratory and created a crisis situation that's taken big resources to address and fix.Two of the events have been reportedly previously: multiple staff members (48, all told) clicked on a link in a phishing email, but one click in particular took hold and precipitated the entry, and there was a temporary vulnerability in the Internet Explorer software that facilitated the intrusion.
The third -- and what apparently turned bad to worse -- was that the machine central to the attack was being used by a lab employee with "elevated" privileges.
''You have a machine that was operating with administrative privileges," Jeff Smith, ORNL's deputy lab director for operations, said. "So you have more access to different accounts and so forth. It was a combination of those (three events). Take out any one of those . . . So, the consquences of having all three of those things happen at once, enabled the malware to get its foothold and do its thing."
No comments:
Post a Comment