In its April 2012 Monthly Monitor, the Department of Homeland Security’s (DHS) Industrial Control Systems – Cyber Emergency Response Team (ICS-CERT) warns that a number of cyberattacks have been identified to target companies from the natural gas pipeline sector.
The report reveals that the spear-phishing campaign dates back to as early as December 2011, a single group being suspected of coordinating the entire operation.
After analyzing the threat, ICS-CERT has concluded that the attacks haven’t focused on specific employees, malicious emails being sent to a variety of personnel from within the companies.
Furthermore, the notifications are designed to appear as if they are being sent by someone who is a trusted member of the organization. This technique usually ensures a higher rate of success for such operations.
“ICS-CERT has issued an alert (and two updates) to the US-CERT Control Systems Center secure portal library and also disseminated them to sector organizations and agencies to ensure broad distribution to asset owners and operators,” the report reads.
“ICS-CERT Alerts are intended to provide early warning indicators of threats and vulnerabilities for the community to act upon quickly. While ICS-CERT strives to make as much information publicly available as possible, the indicators in these alerts are considered sensitive and cannot be disseminated through public or unsecure channels.”
The agency is currently working with a number of targeted organizations, trying to assess the extent of the damage caused, and remove the infections from their networks.
ICS-CERT conducted briefings all across the US, but until a detailed mitigation advisory is released, oil and natural gas companies are recommended to deploy “Defense in Depth” practices.
Also, firms are advised to educate their employees and their customers on the risks posed by social engineering and spear-phishing attacks.