As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity.
In an alert issued Thursday , the agency said that cybercriminals go into overdrive during highly publicized physical events such as hurricanes and earthquakes.
“Both government agencies and private organizations could possibly become recipients of malicious activity, most commonly in the form of socially engineered spear-phishing emails,” the alert from the DHS National Cybersecurity and Communications Integration Center said.
“These emails may appear to originate from a reputable source, with the email subject closely aligned to the event and usually of interest to the recipient,” it said. “Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events.”
Clicking on such emails could cause malware such as keyloggers and remote access tools to be downloaded on the user’s computer, it said.
The alert is a sign of the growing attention that the DHS, which is responsible for protecting critical infrastructure targets in the U.S, and other security agencies and organizations have begun paying to phishing attacks.
Until relatively recently, phishing was considered mostly a consumer problem. But the use of phishing emails to successfully breach the Oak Ridge National Laboratory , EMC’s RSA security division , Epsilon and the Pacific Northwest National Laboratory have quickly changed that view.
Over the past few years phishers have increasingly taken advantage of natural disasters and other highly publicized incidents to slip infected emails and other malware onto user desktops.
The speed and sophistication of such attacks after the devastating earthquake and tsunami in Japan earlier this year is but one example.
Barely hours after the Japan tragedies, phishers and other online scammers began use emails, fake websites and malicious downloads to try and steal money and plant malware on user systems.
Security companies such as Symantec said they observed millions of email messages and dozens of phony websites going up in the immediate aftermath of the disaster. In most cases recipients of the email messages were encouraged to click on attachments purporting to show images and videoes of the disasters or pointing users to sites where they could ostensibly make donations to victims.
Similar scams were observed in the aftermath of earthquake in Haiti.
The danger for enterprises is that infected computers could be used as entry points into corporate networks, said Anup Ghosh, founder of security firm Invincea.
In many cases, enterprise users are hit with highly targeted spear phishing email messages that appear to come from people they know.
“Spear phishing is the number one attack vector for enterprises. It is how you get into the network,” Ghosh said. The tactic has become one of the most commonly used methods used by cyberattackers to break through corporate security defenses, he said.
“I know of CISOs who have run their own spear phishing tests and gotten click through rates of 60%,” he said. “There’s simply now training your way out of the problem.”
For more enterprise computing news, visit Computerworld. Story copyright C 2011 Computerworld Inc. All rights reserved.
Leave a reply