Natural Gas Pipeline companies are currently facing a major targeted phishing attack from a single source according to the Christian Science Monitor.
The attacks that seemed to have begun in December 2011 have caused the DHS to release three amber alerts, and the ICS-CERT team to release an incident response report on Friday:
“That fact was reaffirmed late Friday in a public, albeit less detailed, ‘incident response’ report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.”
The incident response report explained that an analysis of the attacks shows that attacker was using a “spear-phishing” technique:
“Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source. It goes on to broadly describe a sophisticated ‘spear-phishing’ campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.”