The NCCIC advisory gives a brief overview of the ‘phishing’ and ‘spear phishing’ processes. Most importantly, it provides a number of brief descriptions of actions that every internet user can take to help protect themselves from this type of attack. The list includes (with a bit more information):
● Be wary of unsolicited attachments, even from people you know
● Keep software up to date
● Trust your instincts
● Save and scan any attachments before opening them
● Turn off the option to automatically download attachments
● View emails in “Plain Text”
Protecting the individual from phishing attacks is a very important component of protecting an organization from the types of advanced persistent attacks that are apparently becoming more common. Compromising a single computer behind the corporate firewall, particularly one with access to control systems, provides a method for attackers to wander through the soft underbelly of the cyber systems.
Cyber security managers (both IT and ICS) would do well to download and copy this alert to every member of their organization that has an email account. Just let everyone know that the file is coming in a separate communication; compromised .PDF files are one of the current favorite vehicles for introducing malware.