Second DOE lab is likely victim of spear-phishing attack

Pacific Northwest National Laboratory has yet to restore email, Internet service five days after attack.

The Department of Energy's Pacific Northwest National Laboratory (PNNL) is working on restoring Internet connectivity and email services after being hit by a "sophisticated cyberattack" five days ago.

It is not immediately clear if the attack resulted in any data being stolen or compromised. A lab spokesman did not immediately respond to a request for comment, but a message on the spokesman's voicemail noted that Internet and email services were down because of a sophisticated attack.

PNNL, which is funded by the Energy Department and managed by Battelle, conducts research in areas such as information security, nuclear non-proliferation and counterterrorism. As of Wednesday afternoon, PNNL's main website was unreachable. An error message noted the site was down due to "system maintenance."

According to several media reports, PNNL, based in Richland, Wash., discovered the attack July 1 and moved immediately to suspend email services and to disconnect itself from the Internet.

Those actions suggest that the PNNL was likely a victim of a spear-phishing attack in the same manner that the Oak Ridge National Laboratory (ORNL) in Tennessee was a few weeks ago, said Anup Ghosh, founder and chief scientist of security vendor Invincea.

Oak Ridge, which is also a DOE lab, took identical measures after discovering someone attempting to pilfer data out of its networks in April. According to the laboratory, the breach resulted when some employees clicked on a malicious link in a spear-phishing email message.

The email message, which appeared to have originated from ORNL's human resources group, infected a handful of computers with a sophisticated data-stealing Trojan. The malware exploited an unpatched flaw in Microsoft's Internet Explorer software, and was designed to search for and steal technical information from Oak Ridge.

Though PNNL has not said how it was attacked, chances are that it too was felled by spear-phishing, Ghosh said.

Spear-phishing attacks involve the use of emails that are personalized, localized and designed to appear like they originated from someone the recipient knows and trusts. The emails look authentic and are typically targeted at high-level executives or employees with privileged access to corporate systems and data.

Despite heightened awareness and better employee training, about 5% to 20% of spear-phishing emails still get opened, Ghosh said. Often, all it takes for the attackers to succeed is one compromised desktop, he said.

"What they are after is not that user machine. They simply use it as a beachhead from which to move inside the network," he said. Once inside a network, attackers usually are able to move with the level of access that the compromised user has. "There tend not to be any barriers," Ghosh said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan.
