The cyber security threat to the energy sector is alive and well, as evidenced by a just-released Department of Homeland Security (DHS) report, which details a “spear-phishing” campaign last fall targeting 11 energy companies.

The spear-phishing campaign, which started and ended in October 2012, used publicly available information from an electric utility’s web site to customize an attack against members of the energy sector. According to the report from the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), employee names, company email addresses, company affiliations, and work titles were found on the utility’s web site on a page that listed the attendees at a recent committee meeting. This publicly available information gave the attacker “the company knowledge necessary to target specific individuals within the electric sector.”

The report notes that malicious emails were crafted to inform the recipients of the sender’s new email address and to ask them to click on the attached link. This link led to a site that contained malware. Another email with a malicious attachment may also have been associated with the campaign.

“Working with the ES-ISAC [Electricity Sector Information Sharing and Analysis Center], it was determined that 11 entities were targeted in this campaign, and luckily no known infections or intrusions occurred,” the government agency said in the report. “ICS-CERT worked with our partners at the ES-ISAC to coordinate support for the targeted entities.”

In February, President Obama signed an executive order to strengthen the cybersecurity of critical U.S. infrastructure by increasing information sharing and by jointly developing and implementing with industry partners a framework of cybersecurity practices (see Daily GPI, Feb. 14). Obama began considering an executive order aimed at protecting critical national infrastructure, including power plants and natural gas and crude pipelines, from cyber attacks after the U.S. Congress failed to pass the Cybersecurity Act of 2012 last summer (see Daily GPI, Sept. 13, 2012; July 23, 2012).

“Proactive and coordinated efforts are necessary for us to strengthen and maintain secure, functioning and resilient critical infrastructure — including the assets, networks and systems that are vital to public confidence and the nation’s safety, prosperity and well-being,” according to a White House statement following the executive order. “This endeavor is a shared responsibility among the federal, state, local, tribal and territorial entities, and public and private owners and operators of critical infrastructure.”

The order came just days after the Department of Energy (DOE) said a “cyber incident” at DOE headquarters in Washington, DC, in January targeted the agency’s network “and resulted in the unauthorized disclosure of employee and contractor” information (see Daily GPI, Feb. 5). No classified data was compromised by the cyber attack, according to DOE.

Energy regulators continue to view cyber security as an important priority. During a briefing Wednesday at Federal Energy Regulatory Commission (FERC) headquarters in Washington, DC, Commission Chairman Jon Wellinghoff said the risks from cyber security threats to generation and gas pipeline infrastructure are increasing. However, he did note that there seem to be more vendors coming out with solutions to help the energy industry combat the problem (see Daily GPI, April 4, 2013).

ICS-CERT said publicly accessible information commonly found on social media, as well as professional organization and industry conference web sites, is a recognized resource for attackers performing reconnaissance activities. “With this information, attackers can craft convincing spear phishing and have a higher likelihood of successfully convincing the targeted individual to click on the malicious link or attachment,” ICS-CERT said in the report. “In order to reduce the likelihood of becoming a victim of spear-phishing attacks, minimize the business-related and personal information on social media web sites.”

©Copyright 2013 Intelligence Press Inc. All rights reserved. The preceding news report may not be republished or redistributed, in whole or in part, in any form, without prior written consent of Intelligence Press, Inc.