The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector. In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months. The attacks are related to a single campaign and appear to have started in late December 2011, the advisory noted. "Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused," the ICS-CERT said.
"In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," it said. ICS-CERT is currently working with multiple organizations to determine the scope of the attack activity and to discuss mitigation measures. It has also conducted a series of briefings with infrastructure asset owners around the country to share information on the attacks, the advisory noted. The Christian Science Monitor, which was the first to report the attacks, quoted unidentified sources as saying that the U.S. Department of Homeland Security (DHS) has so far released at least three confidential "amber" alerts warning gas pipeline companies about the attacks.
The DHS alerts were far more specific than the ICS-CERT advisory and contained details like file names, IP addresses and other markers that a company could use to see if it was breached, The Monitor said in its report. Interestingly, one of the alerts asked companies that believed they had been breached not to do anything to stop the malicious activity on their networks, The Monitor said, quoting an individual who claimed to have seen the alert. The goal apparently is to gather as much information on the attacks as possible without tipping the attackers that they had been discovered, the report said. Patrick Miller, principal investigator of the National Electric Sector Cybersecurity Organization, said that the wording in the alerts suggests that at least some organizations may have been breached.
"We haven't seen any raw breach data, but it is implied based on what we have noticed [in the alerts]," he said. "We do have indicators that the threat is active." News of the ongoing so-called spear phishing attempts is sure to focus attention on the ability of U.S. critical infrastructure organizations to withstand targeted and persistent attacks. Successful spear phishing attacks against organizations such as RSA Security, the Oak Ridge National Laboratories and Epsilon Interactive have considerably heightened awareness of the threat. Even so, an organization's ability to defend itself against such attacks rests substantially on its employees.
In a spear phishing campaign, an attacker sends a fake email message containing a malicious link or attachment to a targeted victim. The email is typically designed to appear as if it came from a trusted source and tries to persuade the recipient to click on the malicious link or open the malicious attachment. In many cases, the phishing emails are personalized, localized, and contain content designed to convince the recipient of the authenticity of the sender. Often, all it takes for an attacker to gain a foothold in an otherwise secure network is for one phishing email recipient to click on a malicious link or attachment.
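Because the e-mails in this campaign were made to look as if they came from a trusted internal sender, a mail gateway can check whether a message that claims to be internal really is. The following Python is an added example, not code from ICS-CERT, DHS or the article; the domain, staff names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "pipeline-co.example"        # assumption: the defender's own mail domain
STAFF_NAMES = {"dana ruiz", "lee park"}   # assumption: display names from the staff directory

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.
    Only trust headers stamped by your own gateway; strip inbound copies."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def internal_spoof_findings(raw):
    """Return reasons a message that looks internal should be held for review."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain == ORG_DOMAIN and auth_results(msg).get("dmarc") != "pass":
        findings.append("internal From domain without DMARC pass")
    if domain != ORG_DOMAIN and name.strip().lower() in STAFF_NAMES:
        findings.append("staff display name on external address")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    return findings

# Constructed sample messages (not taken from the advisory or the DHS alerts).
AR = "Authentication-Results: mx.pipeline-co.example; "
SPOOFED = ("From: Dana Ruiz <dana.ruiz@pipeline-co.example>\n"
           "Reply-To: dana.ruiz@mail-pipeline-co.example\n"
           + AR + "spf=fail; dmarc=fail\n\nSee attached.\n")
LOOKALIKE = ("From: Lee Park <lee.park@pipeline-c0.example>\n"
             + AR + "spf=pass; dmarc=pass\n\nSee attached.\n")
LEGIT = ("From: Dana Ruiz <dana.ruiz@pipeline-co.example>\n"
         + AR + "spf=pass; dkim=pass; dmarc=pass\n\nSee attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, internal_spoof_findings(raw))
```

Header checks like these catch forged or lookalike senders only; mail sent from an internal account that is already compromised passes all three.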
The real danger with such attacks is that they are highly targeted and persistent in nature, Miller said. "Any time you see such attacks they are of the highest concern," he said. "Shotgun attacks don't care about the victim so long as they hit any target." Anup Ghosh, founder of the security firm Invincea, said that despite heightened awareness, phishing remains a major problem. And contrary to popular perception, spear phishing attacks are not always targeted at just a handful of highly placed individuals within an organization, he said.
In many cases, attackers target large swathes of individuals within an organization with carefully worded fake email missives. "All they want is one beachhead on the network," he said. "Once inside there are little controls to stop an attacker from moving from one machine to another." Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.