News Stay informed about the latest enterprise technology news and product updates.

Intel CISO on 'Here you have' worm, spear phishing

BOSTON — At the Forrester Research Inc. Security Forum 2010 this morning, Intel Corp. CISO Malcolm Harkins spoke to attendees about the chip giant (and soon-to-be McAfee owner)’s security program and strategies, but offered a few other notables as well that are worth sharing:

  • Speaking briefly about the threat landscape, Harkins specifically noted that the proliferation of downloadable mobile apps has caused a number of security concerns for individuals and companies alike, but that the poor security measures built into these low-cost apps shouldn’t catch anyone off-guard. “What kind of security do we think we’ll get for 99 cents?” That was arguably the quote of the day so far, drawing a hearty laugh from the crowd.
  • He revealed that Intel was struck by the “Here you have” email worm that made the rounds last week. He said that of Intel’s 80,000 employees, approximately 4,000 of them clicked on the malicious link in the email, and more than 400 were infected. Harkins tried to put a positive spin on it, saying that infection number could have been much worse, and that these sorts of attacks will always pose a threat because it’s human nature to want to check them out.
  • Finally he shared an amusing story about a senior executive at Intel who not long ago learned about spear phishing the hard way. During a period when the company was embroiled in an antitrust lawsuit, the executive received an official-looking email, claiming to be information from the court about a subpoena requiring the exec to make a court appearance. Curious, since the email contained valid information including real court dates and the names of attorneys in the case — all public information — he clicked on the link in the email to learn more. As it turned out, Harkins said, it was a targeted spear phishing message that, as soon as the link was clicked, maliciously extracted the content of his browser cache, including bank account usernames and passwords. While none of Intel’s sensitive information was breached, the incident, he said, had a silver lining: “He learned his lesson,” Harkins said. “Don’t click on [expletive].”

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.