I read about a phishing attack on the White House on PandoDaily today. According to Pando (the image above was taken from their blog post):
State Department hackers conducted a phishing attack that allowed them to access a White House network that had “real-time non-public information about the president’s schedule,” among other data. They attribute this to a CNN report here.
The intrusions have been attributed to Russian-sponsored hackers who have increased the “pace and sophistication” of their attacks because of the situation in Ukraine and the United States’ economic sanctions against the motherland.
According to a post on Wired:
An estimated 91-percent of hacking attacks begin with a phishing or spear-phishing email. Although firewalls and other security products on the perimeter of a company’s network may help prevent other kinds of malicious traffic from entering the network—for example through vulnerable ports—email is generally considered legitimate and trusted traffic and is therefore allowed into the network. Email filtering systems can catch some phishing attempts, but they don’t catch all of them. Phishing attacks are so successful because employees click on them at an alarming rate, even when emails are obviously suspicious.
If email is generally considered legitimate and trusted traffic and is therefore allowed into the network, and phishing attacks are successful because employees click on them even when emails are obviously suspicious, imagine how easy it would be for attackers to go spear phishing via apps. Employees trust links inside apps way more than they do in emails. And network-based filtering systems are unable to detect phishing attacks that take place inside apps.
It’s time for the White House to mandate that employees use apps that have built-in security to protect them from phishing attacks. Let’s make WebView more secure.