CERT warns of targeted phishing attacks against gas pipeline firms
Some companies may already have been breached by the 'spear phishing' attacks
Computerworld - The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector.
In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months.
The attacks are related to a single campaign and appear to have started in late December 2011, the advisory noted. "Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused," the ICS-CERT said.
"In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization," it said.
ICS-CERT is currently working with multiple organizations to determine the scope of the attack activity and to discuss mitigation measures. It has also conducted a series f briefings with infrastructure asset owners around the country to share information on the attacks, the advisory noted.
The Christian Science Monitor, which was the first to report the attacks, quoted unidentified sources as saying that the U.S. Department of Homeland Security (DHS) has so far released at least three confidential "amber" alerts warning gas pipeline companies about the attacks.
The DHS alerts were far more specific than the ICS-CERT advisory and contained details like file names, IP addresses and other markers that a company could use to see if it was breached, The Monitor said in its report.
Interestingly, one of the alerts asked companies that believed they had been breached, not to do anything to stop the malicious activity on their networks The Monitor said, quoting an individual who claimed to have seen the alert.
The goal apparently is to gather as much information on the attacks as possible without tipping the attackers that they had been discovered, the report said.
Patrick Miller, principal investigator of the National Electric Sector Cybersecurity Organization, said that the wording in the alerts suggest that at least some organizations may have been breached. "We haven't seen any raw breach data, but it is implied based on what we have noticed [in the alerts]," he said. "We do have indicators that the threat is active."
News of the ongoing so-called spear phishing attempts is sure to focus attention on the ability of U.S. critical infrastructure organizations to withstand targeted and persistent attacks.
Even so, an organization's ability to defend itself against such attacks rests substantially on its employees.
In a spear phishing campaign, an attacker sends a fake email message containing a malicious link or attachment to a targeted victim. The email is typically designed to appear like it came from a trusted source and tries to persuade the recipient to click on the malicious link or open the malicious attachment. In many cases, the phishing emails are personalized, localized, and contains content designed to convince the recipient, of the authenticity of the sender.
Often, all it takes for an attacker to gain a foothold in an otherwise secure network is for one phishing email recipient to click on a malicious link or attachment. The real danger with such attacks is that they are highly targeted and persistent in nature, Miller said. "Any time you see such attacks they are of the highest concern," he said. "Shotgun attacks don't care about the victim so long as they hit any target."
Anup Ghosh, founder of the security firm Invincea, said that despite heightened awareness, phishing remains a major problem. And contrary to popular perception, spear phishing attacks are not always targeted at just a handful of highly placed individuals within an organization, he said.
In many cases, attackers target large swathes of individuals within an organization with carefully worded fake email missives. "All they want is one beachhead on the network," he said. "Once inside there are little controls to stop an attacker from moving from one machine to another."
- Syrian Electronic Army shanghais Microsoft's Twitter account, blog
- Is French outrage against U.S. spying misplaced?
- Lawmakers seek answers on Obamacare Data Hub security
- China-based hacking group behind hundreds of attacks on U.S. companies
- How to Prepare for a Potential Syrian Counterattack on the U.S. Power Grid
- New York Times site outage caused by attack on domain registrar, company says
- Cyber drills like Quantum Dawn 2 vital to security in financial sector
- Quantum Dawn 2 will test Wall Street's cyber readiness
- Pentagon accuses China of cyberattacks on U.S military, business targets
- Spamhaus attacks expose huge open DNS server dangers
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Secure, Centralized, Simple: Multi-platform EMM BYOD, corporate-issued, or a mix. Manage all the mobile platforms and devices in your enterprise through a single pane of glass.
- The CIO's Guide to Enterprise Mobility Management (EMM) This guide will help those making an EMM platform decision make the best choice for their organization.
- Yankee Group: BlackBerry Results Refute Rumors of its Demise Yankee Group: BlackBerry® is stronger than the press makes it out to be.
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cybercrime and Hacking White Papers | Webcasts