Dive Brief:
- The utility industry may want to stop worrying so much about cyberattacks by viruses such as Stuxnet and Flame and instead focus on the more low-tech threat of targeted phishing expeditions by those intent upon doing harm to the power grid.
- Anti-phishing precautions are recommended for companies that employ Supervisory Control and Data Acquisition (SCADA) computer networks that monitor and control industrial processes.
- A likely target of phishing are engineers who work on SCADA systems.
Dive Insight:
An initial phishing attempt may not be aimed at immediately infecting a network to attack the grid. It may be to simply learn how a utility's systems function and establish a backdoor for use at a later date. "The way malware is getting into these internal networks is by social engineering people via email. You send them something that's targeted, that contains a believable story, not high-volume spam, and people will act on it by clicking a link or opening a file attached to it. Then, boom, the attackers get that initial foothold they're looking for," said Rohyt Belani, CEO and co-founder of anti-phishing firm PhishMe.
