Wednesday, April 20, 2011

ORNL Gets Pwned

If this were a MasterCard commercial, it would go like this:

- Obtaining an Internet Explorer 6, 7, 8 0-day  =  $$$$
- Creating 570 HR Phishing Messages  =  $
- Enticing 50 ORNL Employees to Click Links  =  $$
- Establishing Persistence on 2 ORNL machines  =  $$$
- Forcing a National Laboratory Off The Net  = PRICELESS!!!! 

When it comes to the APT campaign that took place on April 7, 2010, it appears as though Oak Ridge National Laboratory was the biggest loser. They can now take their place beside Google and RSA on the ever-growing list of APT victims. With each new compromise by the APT, it becomes more apparent that our current approach to computer security is NOT enough. We must do more to secure our computers and our data! Maybe we can look to those who have fought before us, learn from them, and start fighting this war like we actually want to win...

"Invincibility lies in the defence; the possibility of victory in the Attack." - Sun Tzu

