HomeNewsArticle Display

AFCYBER evaluates Airmen with spear-phishing emails

JOINT BASE SAN ANTONIO-Lackland, Texas (AFNS) -- Air Forces Cyber conducted a mock spear-phishing test on European bases in November to assess Air Force Network users’ cyber awareness.

The test, coordinated with U.S. Air Forces in Europe leaders, incorporated techniques known to be employed by adversary actors against U.S. and partner nations, for the purpose of gaining a foothold inside our networks.

“Spear-phishing attacks are a persistent threat to the integrity of our networks,” said Col. Anthony Thomas, AFCYBER Operations director. “Even one user falling for a spear-phishing attempt creates an opening for our adversaries. Part of mission resiliency is ensuring our Airmen have the proficiency to recognize and thwart adversary actions.”

Spear-phishing attacks differ from normal phishing attempts because they target a specific recipient and appear to be from a trusted source.

For the test, AFCYBER’s threat emulation team sent several emails from non-Department of Defense email addresses to network users. These emails included legitimate-looking content, mirroring tactics used by cyber adversaries. The emails provided a variety of scenarios, urging Airmen to follow certain steps.

One email appeared to come from an Airman & Family Readiness Center, asking users to update a hyperlinked spreadsheet for an upcoming sale. Another email claimed to be from a legal office, and requested users to provide data in a hyperlinked document for a court-martial jury panel.

If users followed the hyperlink, then downloaded and enabled macros in the documents, embedded code would be activated. This allowed the threat emulation team access to their computer.

According to Maj. Ken Malloy, AFCYBER’s primary planning coordinator for the assessment, attacks by state-sponsored groups are sophisticated and can catch users unaware if they’re not paying attention.

“We chose to conduct this threat emulation (test) to gain a deeper understanding of our collective cyber discipline and readiness,” said Malloy. “Lessons from our efforts in USAFE will inform data-driven decisions for improving policy, streamlining processes and enhancing threat-based user training to achieve mission assurance and promote the delivery of decisive air power.”

Results from the test showed most recipients did not fall for the emails. According to the team, the test did not collect individual user information, as it was designed to improve the network’s overall defensive posture.

To protect the network from cyber threats, users should verify every email’s source by verifying that emails from official sources have valid digital signatures. Any embedded links should produce a secure connection, represented by a padlock icon in the browser’s search bar. Users should not enable macros in Microsoft Office documents downloaded from non-DOD sources.

While this initial assessment was conducted specifically in the European theater, Malloy said spear-phishing attempts remain a constant threat to all AFNet users. Users should always be cautious and vigilant. If a malicious email is suspected, users should contact their local communications focal point for guidance.

Engage

Facebook Twitter
Ever heard of the rule of 0-0-1-3? No. Well it means to have zero alcohol if you're underage, zero drinks if you're… https://t.co/7bNRnhYuWS
RT @HQ_AFMC: #Readiness was on display by our @AFResearchLab teams during a live-virtual-constructive training simulation, enabling #Airmen
RT @AFWERX: We can't wait for 2020: The @USAirForce Advanced Manufacturing Olympics is slated for July 8-9 in Salt Lake City & will bring t…
RT @AirNatlGuard: “The Silver Flag training sites provide our Airmen with real-world scenarios to reinforce our Air Force Specialty Code sk…
RT @US_TRANSCOM: Watch a @usairforce KC-10A refuel, and be refueled during same mission in support of @CJTFOIR. #Togetherwdeliver #NKAWTG #…
RT @AETCommand: Transforming the way we learn with technology is one of our key priorities here in the First Command! Check out the photos…
RT @AirNatlGuard: This week, @ChiefNGB visited the @PRNationalGuard at Muñiz Air National Guard Base to meet with senior leaders and discus…
RT @GenDaveGoldfein: YOU are the most important reason for our mission success. Take care of each other & preserve the connections & commun…
RT @AirmanMagazine: When it comes to acquisitions, the @usairforce has the need for speed. Equipping Airmen with the best technology start…
RT @GenDaveGoldfein: A distinct privilege to help unveil the F-117 exhibit, establishing this remarkable aircraft in its rightful place in…
RT @AirNatlGuard: “For me personally, the CAP and Air Guard go hand in hand. When I look back at any state active duty or state support we…
RT @GenDaveGoldfein: Honored to participate on a panel with my fellow Service Chiefs at the @ReaganInstitute. May our leaders of today & th…
It was just a childhood dream but it crescendoed into this #Airman becoming the only woman in the #AirForce to both… https://t.co/vzGjPe7Vri
RT @USAFReserve: Loadmaster first Reservist to complete USAF Weapons School Advanced Instructor Course (Story by the @403rdWing) #ReserveRe
.@secafoffical will speak about America’s footprint in space going forward at 5:45 EST. Watch live at https://t.co/aSlw5ceGJj
RT @DeptofDefense: LIVE: @EsperDoD delivers keynote remarks at the Reagan National Defense Forum. #RNDF https://t.co/ZXhuaTOQTm
Today, we help Col. Charles McGee, a Tuskegee Airman, combat veteran and American legend, celebrate 💯 sorties aroun… https://t.co/bcmcDr4IYW
December 7, 1941. #PearlHarbor and six other #military bases on the Hawaiian island of Oahu were attacked, beginnin… https://t.co/4GvB8yPpGV
RT @US_TRANSCOM: Take a look at @usairforce Airmen assigned to the @109thAW using their ski-equipped C-130s to deliver supplies to the Arct…