Spear-phishing emails targeting energy companies
Posted on 08 April 2013.
Information over-sharing can lead to cleverly executed and dangerous spear-phishing campaigns, warns the US Department of Homeland Security and the ICS-CERT.


According to an account in the latest edition of the ICS-CERT Monitor, a (luckily unsuccessful) spear-phishing campaign has recently been launched against 11 companies in the energy sector after a list of the attendees at a committee meeting has been published on the utility's website.

The list contained the names, work titles, company affiliations and email addresses of the attendees, and that was all the attackers needed. Impersonating one of the people on the list, they sent a specially crafted email to the rest notifying them about a change of the sender's email address and asking them to click on the attached link to a websites serving malware.

The report does not say whether the attacks were unsuccessful because the targeted email recipients recognized the spear-phishing emails for what they were, whether the emails were caught by the organizations' defenses, or whether it was pure luck that the recipients didn't follow the malicious instructions.

Still, the example illustrates perfectly how seemingly innocuous information can be effectively used to mount attacks.

"In order to reduce the likelihood of becoming a victim of spear-phishing attacks, minimize the business-related and personal information on social media Web sites," ICS-CERT advises. "Business-related information could include job title, company email, organizational structure, and project names. If information exists on other Web sites, contact the Web site owner and ask that it be removed."

Spear-phishing has become the preferred initial step of attackers looking to gain a foothold into an organization, as it targets the weakest link in most security chains: the human.









Spotlight

Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //