[Ics-security] Up rise on pshing e-mails
Kelly Mahoney
mahoney at jlab.org
Wed May 30 08:05:21 EDT 2012
I have personally seen a marked increase in targeted pshing e-mails.
Both asking to click on a toxic hyperlink and to provide use account
information. There is an increased effort by organized groups to target
government facilities.
Control systems are high on their list.
Two reminders:
It only takes one successful exploit to allow a hacker to gain a
foothold within a firewall.
The engineering and deveopment/HMI-SCADA PCs are the target of choice
* This includes home PCs with VPN access to JLab networks and desktops.
If you receive a pshing email, please do the following
Click on View --> Message Source
Click Forward on the original message; do not send yet.
the "to" recipient is security at jlab.org
Copy the source and paste at the end of the forwarded message. Best to
delineate where the original ends and the source begins. I use the
following:
*********** End of Original Message ********** Start Message Source
*********
Also, forward the message to Spam Autoresponder <spam at mxlogic.com> to
add to the McAfee filter.
Kelly Mahoney
*
Note: The low hanging fruit is web servers embedded in to control system
equipment that have direct internet access.
More information about the ICS-Security
mailing list