I am hearing rumors that ICS-CERT has published an alert on the US-CERT Secure Portal about an ongoing phishing campaign directed against various organizations in the chemical and energy sectors. I understand that the alert is supposed to provide specific information about indicators that may be used to detect these attacks. I would urge all organizations in these two sectors (and really everyone else in critical infrastructure) to locate this alert on the Secure Portal.
As usual, I have to remind folks that I don’t have access to the Secure Portal (and if I did, I wouldn’t be able to post warnings of this sort), so you will have to go there yourself to see if the rumors that I am hearing are true. I also urge every high-risk chemical facility to sign up for access to the Secure Portal so that they have routine access to alerts and advisories that are issued in that venue.
NOTE: The following information comes from the ICS-CERT landing page:
“ICS-CERT encourages U.S. asset owners and operators to join the Control Systems compartment of the US-CERT secure portal. Send your name, e-mail address, and company affiliation to firstname.lastname@example.org.”
I do not expect that this alert will make it to the public ICS-CERT web site. The types of indicators that I would expect to see in an alert of this sort are time-sensitive. They would be released on the Secure Portal because DHS would not want to compromise an ongoing investigation of reported attacks.