Phishing: Targeted Attacks

The threat of phishing remains prevalent in all aspects of digital life. Both personal and professional. But a recent deep dive by Mandient into the details of a more specific kind of attack that is on the rise. This shines a light on the threat of industrial-themed email attacks and how they can affect operational technology.

What is Operational Technology?

Operational technology is the hardware or software that monitors and sometimes controls industrial equipment.  This technology will detect, as well as cause, changes to the processes that are physically happening through monitoring and direct control of the physical device.  Often found in factories, the oil and gas industry, mining, utilities, and transportation, it is all around us and controls things that we use every day.

Information technology (IT) attacks are more familiar, and those target electronic transactions. This type of attack might include email, databases, transactions, and more. Whereas a successful OT attack would have a huge impact on our infrastructure.

What to Look For

In phishing emails, these targeted messages will often use industry-specific language. It will be familiar to the individual working, but not commonly used outside of the job. The familiarity of the language used can cause an employee to place trust in the message and its sender. Their guard will go down as they assume it’s someone ‘within their professional circle’.

How to Offset the Risk

Human error remains the biggest risk to a business’s cybersecurity. An ongoing training program must be part of the plan to offset that risk. Creating awareness is only the start of the battle. That awareness must be cultivated to grow along with the increased sophistication to which cybercrime continues to grow. If you are within an industry that utilizes OT or you are an MSP supporting clients that have it, remind them that every email should be met with caution. The impact of a compromise may not be seen immediately, so if they mistakenly clicked on something they shouldn’t have, alerting the proper parties is critical.

Breach Secure Now offers integrated phishing training tools as well as automated reporting that provides feedback on the success of campaigns. If you’re not yet a Breach Secure Now partner, it’s time to build human firewalls! Let’s get started!