HomeNewsArticle Display

AFCYBER evaluates Airmen with spear-phishing emails

JOINT BASE SAN ANTONIO-Lackland, Texas (AFNS) -- Air Forces Cyber conducted a mock spear-phishing test on European bases in November to assess Air Force Network users’ cyber awareness.

The test, coordinated with U.S. Air Forces in Europe leaders, incorporated techniques known to be employed by adversary actors against U.S. and partner nations, for the purpose of gaining a foothold inside our networks.

“Spear-phishing attacks are a persistent threat to the integrity of our networks,” said Col. Anthony Thomas, AFCYBER Operations director. “Even one user falling for a spear-phishing attempt creates an opening for our adversaries. Part of mission resiliency is ensuring our Airmen have the proficiency to recognize and thwart adversary actions.”

Spear-phishing attacks differ from normal phishing attempts because they target a specific recipient and appear to be from a trusted source.

For the test, AFCYBER’s threat emulation team sent several emails from non-Department of Defense email addresses to network users. These emails included legitimate-looking content, mirroring tactics used by cyber adversaries. The emails provided a variety of scenarios, urging Airmen to follow certain steps.

One email appeared to come from an Airman & Family Readiness Center, asking users to update a hyperlinked spreadsheet for an upcoming sale. Another email claimed to be from a legal office, and requested users to provide data in a hyperlinked document for a court-martial jury panel.

If users followed the hyperlink, then downloaded and enabled macros in the documents, embedded code would be activated. This allowed the threat emulation team access to their computer.

According to Maj. Ken Malloy, AFCYBER’s primary planning coordinator for the assessment, attacks by state-sponsored groups are sophisticated and can catch users unaware if they’re not paying attention.

“We chose to conduct this threat emulation (test) to gain a deeper understanding of our collective cyber discipline and readiness,” said Malloy. “Lessons from our efforts in USAFE will inform data-driven decisions for improving policy, streamlining processes and enhancing threat-based user training to achieve mission assurance and promote the delivery of decisive air power.”

Results from the test showed most recipients did not fall for the emails. According to the team, the test did not collect individual user information, as it was designed to improve the network’s overall defensive posture.

To protect the network from cyber threats, users should verify every email’s source by verifying that emails from official sources have valid digital signatures. Any embedded links should produce a secure connection, represented by a padlock icon in the browser’s search bar. Users should not enable macros in Microsoft Office documents downloaded from non-DOD sources.

While this initial assessment was conducted specifically in the European theater, Malloy said spear-phishing attempts remain a constant threat to all AFNet users. Users should always be cautious and vigilant. If a malicious email is suspected, users should contact their local communications focal point for guidance.

Engage

Facebook Twitter
Any time, any place! An independent duty medical technician #Airman @Hurlburt_Field performs life-saving procedures… https://t.co/0a36WYRHux
The 455th Expeditionary Communications Squadron @BagramAirfield keeps #Airmen connected downrange. https://t.co/5RBafip23c
RT @DeptofDefense: Training to be the best! A @USAirForce pilot trains in the 360-degree Operational Flight Training Simulator at @Sheppar
An #Airman assigned @TeamMinot crouches in rotor wash in the Turtle Mountain State Forest, during a field training… https://t.co/ERqU5OnEJ0
Threatening weather does not stop once hurricane season ends, and it becomes the mission of the #HurricaneHunters t… https://t.co/ad5VuNO6mP
Virtual, augmented reality may hold key to future #AirForce training. Find out how: https://t.co/FAcEaj4w6f https://t.co/7tdpioVtu9
#MentorMonday: “Injustice anywhere is a threat to justice everywhere. We are caught in an inescapable network of mu… https://t.co/PjGcBMVliB
Our partnerships and @NATO allies help keep our mission moving forward. https://t.co/5R4ZB7XqXs
$40M up for grabs! Find out how your small business can make some cash while helping solve some of the #USAF's toug… https://t.co/0AEmZhZGdI
RT @SecAFOfficial: Happy birthday 🎉 to #USAF Col & #space pioneer Buzz Aldrin @TheRealBuzz ✈️🚀 https://t.co/gIsicyA1uk
#Innovation! First metallic #3Dprinted part installed on an operational #F22 Raptor @HAFB. The new part will not co… https://t.co/rkKr1jtThg
Practice makes perfect! These #SpecOps medical experts maintain readiness & relevance for all operations, today and… https://t.co/WMpdt9LTGe
Remembering a woman who changed the world: Millicent Young, Women #AirForce Service Pilot in World War II, dies at… https://t.co/mri1QRXOC8
From fast food to future technology, one #Airman found a new calling @AirNatlGuard and decided to ditch the fryer f… https://t.co/I8qX7GpH4n
An #F35 sits on the flightline @LukeAFB, Jan. 10. Six different aircraft maintenance units from #TeamLuke competed… https://t.co/OxVMxf7Ayw
It takes a lot of coordination to clear a flightline of snow, but @TeamMisawa--a place that averaged more than 147… https://t.co/VQ4qjdsxFz
RT @SecAFOfficial: It is our responsibility to maintain a strong national defense @usairforce https://t.co/JXzhtqdMrg
When lives are on the line, there is no margin for error. Combat Search & Rescue #Airmen at #MoodyAFB conduct pre-d… https://t.co/AsWzaa1I00
RT @AFResearchLab: When a product goes from lab to battlefield, you can expect some amazing capabilities. See what work we've done to assis…
A B-2 Spirit bomber from @Whiteman_AFB, conducts aerial refueling near @JointBasePHH, during an interoperability tr… https://t.co/wzM5GvcviS