April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

ICS-CERT warns on utility web page info

Critical infrastructure providers should be careful about posting industry event and business contact information on their Web pages because that data has been used to customize “spear fishing” attacks aimed at the larger critical infrastructure community, said the U.S. critical infrastructure Cyber emergency team.

The latest issue of ICS-CERT Monitor—posted by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on April 3 discusses an electronic attack last October on an electric utility’s Web site that was used to customize a larger assault against members of the energy sector.  ICS-CERT didn’t name the utility.

In the incident, ICS-CERT said online attackers found employee names, company email addresses, company affiliations, and work titles on the electric company’s  Web site on a page that listed the attendees at a recent committee meeting. The publicly-available information gave the attacker the company knowledge necessary to target specific individuals within the electric energy sector, it said.

According to ICS-CERT, the attackers created malicious emails that informed recipients of the sender’s new email address and asked them to click on an attached link. The link led to a site that contained malware. Another email with a malicious attachment may also have been associated with this campaign, it said.

ICS-CERT worked with the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) to determine that 11 entities were targeted in the campaign, but added that “luckily no known infections or intrusions occurred.”

ICS-CERT warned that publicly-accessible information that is commonly found on social media, as well as professional organization and industry conference Web sites, is a recognized resource for attackers performing reconnaissance activities. “With this information, attackers can craft convincing spear phishing and have a higher likelihood of successfully convincing the targeted individual to click on the malicious link or attachment.”

It recommended minimizing business-related and personal information on social media Web sites. Business-related information could include job title, company email, organizational structure, and project names. If information exists on other Web sites, contact the Web site owner and ask that it be removed, it said.

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...