Saturday, April 9, 2011

NCCIC Spear Phishing Advisory

The DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) took the unusual step of posting a link on its site to an advisory published by the National Cybersecurity & Communications Integration Center (NCCIC) on targeted phishing attacks, or spear phishing. Because attacks of this type were involved in two recently published high-profile APT (advanced persistent threat) cyber attacks, this is a timely report that should be reviewed by anyone involved in cyber security management.

Spear Phishing

Spear phishing is the use of a targeted email to get a particular person in an organization to visit a compromised web site or open a document containing malicious code. The purpose of this mode of attack is to allow a more persistent attack on the organization’s computers from within the corporate firewall.

Since control systems are not normally connected directly to the internet, an outside attack on those systems will normally have to come through the corporate network, with the most likely access point being the computers of people who directly interface with the control system. This makes these people prime targets for spear phishing attacks.

Nothing in this NCCIC advisory directly references control systems, but the mitigation strategies listed in the advisory will generally apply to attacks ultimately pointed at those systems as well.

VPN Access

One area overlooked in the advisory is the issue of personnel with laptop access to the corporate network (or control system) through a VPN connection. Personnel who access the internet or their personal email outside the VPN connection are particularly vulnerable to this type of attack, because the spear phishing attack will not be made through the corporate firewall.

These personnel need to be specifically warned about the problem and should be encouraged to route all internet access on the machine through the VPN. They should also be warned about providing anyone with both their personal and corporate email addresses.
