DHS warns that Irene could prompt phishing scams

Cybercriminals increasingly using disasters to launch attacks on government agencies, private companies

As Hurricane Irene barrels toward the eastern seaboard, the U.S. Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity.

In an alert issued Thursday , the agency said that cybercriminals go into overdrive during highly publicized physical events such as hurricanes and earthquakes.

"Both government agencies and private organizations could possibly become recipients of malicious activity, most commonly in the form of socially engineered spear-phishing emails," the alert from the DHS National Cybersecurity and Communications Integration Center said.

"These emails may appear to originate from a reputable source, with the email subject closely aligned to the event and usually of interest to the recipient," it said. "Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events."

Clicking on such emails could cause malware such as keyloggers and remote access tools to be downloaded on the user's computer, it said.

The alert is a sign of the growing attention that the DHS, which is responsible for protecting critical infrastructure targets in the U.S, and other security agencies and organizations have begun paying to phishing attacks.

Until relatively recently, phishing was considered mostly a consumer problem. But the use of phishing emails to successfully breach the Oak Ridge National Laboratory , EMC's RSA security division , Epsilon and the Pacific Northwest National Laboratory have quickly changed that view.

Over the past few years phishers have increasingly taken advantage of natural disasters and other highly publicized incidents to slip infected emails and other malware onto user desktops.

The speed and sophistication of such attacks after the devastating earthquake and tsunami in Japan earlier this year is but one example.

Barely hours after the Japan tragedies, phishers and other online scammers began use emails, fake websites and malicious downloads to try and steal money and plant malware on user systems.

Security companies such as Symantec said they observed millions of email messages and dozens of phony websites going up in the immediate aftermath of the disaster. In most cases recipients of the email messages were encouraged to click on attachments purporting to show images and videoes of the disasters or pointing users to sites where they could ostensibly make donations to victims.

Similar scams were observed in the aftermath of earthquake in Haiti.

The danger for enterprises is that infected computers could be used as entry points into corporate networks, said Anup Ghosh, founder of security firm Invincea.

In many cases, enterprise users are hit with highly targeted spear phishing email messages that appear to come from people they know.

"Spear phishing is the number one attack vector for enterprises. It is how you get into the network," Ghosh said. The tactic has become one of the most commonly used methods used by cyberattackers to break through corporate security defenses, he said.

"I know of CISOs who have run their own spear phishing tests and gotten click through rates of 60%," he said. "There's simply now training your way out of the problem."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitygovernmentGovernment/Industries

More about EMC CorporationEpsilon InteractiveetworkOak Ridge National LaboratoryRSASymantecTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place