14 DAY TRIAL // The US Department of Homeland Security’s latest ISC-CERT Monitor reveals that a recent spear-phishing campaign has targeted the systems of 11 companies from the energy sector.
The campaign was active in October 2012 and it used publicly available information.
In order to target specific individuals within the energy sector, the attackers harvested information available on the companies' websites. They utilized names, email addresses, company affiliations and work titles to make the emails they sent out more legitimate-looking.
“Malicious emails were crafted informing the recipients of the sender’s new email address and asked them to click on the attached link. This link led to a site that contained malware. Another email with a malicious attachment may also have been associated with this campaign,” the DHS’s report reads.
The DHS warns that publicly accessible information found on company websites and social media accounts are a valuable resource for cybercriminals.
That’s why the agency advises organizations to limit the business-related information published on their websites. In addition, users should be cautious about the business-related and personal information they share on social networks.