There is not a day that goes by where there is not some story of a cleared defense contractor clicking on something they were not supposed to click on and all of a sudden there is someone in the network that is not supposed to be there. These simple attacks have had some of the largest payoffs and provide threat actors a relatively safe and low-cost way to change the battlefield.

Phishing attacks have costed the Department of Defense billions of dollars in losses. Losses include man-hours spent tracing out the attack, countering any damage done to networks, money spent on upgrading defenses and countless sessions of remedial training. What is likely the most devastating consequences of these attacks is the with the information these state actors steal it allows them to significantly cut down on the R&D phase of designing new weapons or platforms. Some of these weapon systems or platforms have cost the DoD untold amounts of “treasure and blood”.

Unfortunately, there doesnt seem to be a way to combat these attacks with ease. Some units have enforced policies of no copying and pasting of links straight from emails, no downloading attachments and if an attachment is sent, it has to have been digitally signed and authenticated. These actions may have cut down on some malicious attacks but attacks will continue if an enemy is determined enough to get what you protect.