Image

"Not surprisingly, spear phishing tactics were cited as the single most common attack method. A vendor’s research arrived at the same findings. Spear phishing is a people issue that suggests everyone needs to know about cyber security."Spear phishing poses a serious threat to industrial control systems. Each day, computer criminals leverage this social engineering technique to develop increasingly sophisticated attacks against all types of organizations, including those in the industrial sector. Unfortunately, it looks like one of their latest campaigns is a real doozy. Kaspersky Lab senior security researcher Mohamad Amin Hasbini says the campaign, dubbed "Operation Ghoul," began back in March 2015 but churned out a series of new attack waves on 8 June 2016 and 27 June 2016:
"These have been highly active in the Middle East region and unveiled ongoing targeted attacks in multiple regions. The attackers try to lure targets through spear phishing emails that include compressed executables. The malware collects all data such as passwords, keystrokes and screenshots, then sends it to the attackers."As Tripwire's Maritza Santillan mentioned on 17 August, the campaign begins when a target receives a spear phishing email claiming to originate from the Emirates NBD, a bank based in the United Arab Emirates. The email comes with a .7z attachment that says it's a payment document.
Image

Image

Image

"Operation Ghoul is one of the many attacks in the wild targeting industrial, manufacturing and engineering organizations…[.] Kaspersky Lab recommends users to be extra cautious while checking and opening emails and attachments. In addition, privileged users need to be well trained and ready to deal with cyber threats; failure in this is, in most cases, the cause behind private or corporate data leakage, reputation and financial loss."For more information on Operation Ghoul, read Kaspersky Lab's report here. To learn more about how you can protect your ICS systems against spear phishing attacks and other threats, please check out the resources below: