The U.S. Computer Emergency Readiness Team has issued a warning about a new phishing campaign that uses spoofed US-CERT email addresses.
Reports about the phishing campaign were received by US-CERT on Tuesday. A variety of organizations have been targeted in the attack, including private sector businesses, government contractors and federal agencies.
The message contains a zipped attachment with a phony report. The attachment is an executable file with the name “US-CERT Operation CENTER Reports,” according to the US-CERT phishing campaign advisory. There is no information about the malware contained in the attachment.
The primary email address being spoofed is SOC@US-CERT.GOV, but other invalid email addresses are being used. US-CERT said it would provide additional details as they become available.
The common advice from experts is to train end users to avoid opening attachments in email messages from unknown sources, but the cybercriminals behind phishing campaigns are becoming more successful. Spear phishing is a common cause of many high-profile data breaches, including the RSA SecurID breach. Security awareness training is a good step to reduce the risk to enterprises, according to David Sherry, chief information security officer of Brown University. To be successful, training must be sustained and should include everyone at the company, including executive management.
Technology is available to defend against phishing. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) email authentication can be effective, but both must be more widely adopted to be truly effective, according to application security expert Michael Cobb.
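As an added illustration (not part of the US-CERT advisory or the original article), the Python sketch below shows how a receiving mail gateway could act on SPF and DKIM results for mail claiming to come from the spoofed domain: it delivers only when a passing result is for the same domain as the visible From: address. The gateway name `mx.example.org`, the verdict strings and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"us-cert.gov"}          # domain spoofed in the campaign
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own gateway

def auth_results(msg):
    """Yield (method, result, properties) from headers stamped by our gateway."""
    for hdr in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in hdr.split(";")]
        if parts[0].lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # a header from any other host may have been forged by the sender
        for part in parts[1:]:
            pairs = re.findall(r"([\w.]+)=(\S+)", part)
            if pairs:
                (method, result), props = pairs[0], dict(pairs[1:])
                yield method.lower(), result.lower(), props

def domain(value):
    """Return the lowercased domain of an address, or the value itself if it is a bare domain."""
    return value.rpartition("@")[2].strip("<>").lower()

def verdict(raw):
    msg = message_from_string(raw)
    from_dom = domain(parseaddr(msg.get("From", ""))[1])
    if from_dom not in PROTECTED:
        return "not-protected"
    for method, result, props in auth_results(msg):
        ident = {"spf": "smtp.mailfrom", "dkim": "header.d"}.get(method)
        if result == "pass" and ident and domain(props.get(ident, "")) == from_dom:
            return "deliver"  # authenticated AND aligned with the visible From:
    return "quarantine"

def sample(from_addr, results):
    """Build a constructed test message; none of these are real captured mail."""
    return (f"From: US-CERT <{from_addr}>\nAuthentication-Results: {results}\n"
            "Subject: report\n\nbody\n")

SAMPLES = {
    "spf_fail": sample("SOC@US-CERT.GOV",
        "mx.example.org; spf=fail smtp.mailfrom=soc@us-cert.gov; dkim=none"),
    "unaligned_spf": sample("SOC@US-CERT.GOV",
        "mx.example.org; spf=pass smtp.mailfrom=bounce@mailer.example.net; dkim=none"),
    "forged_header": sample("SOC@US-CERT.GOV",
        "attacker.example; dkim=pass header.d=us-cert.gov"),
    "genuine": sample("soc@us-cert.gov",
        "mx.example.org; dkim=pass header.d=us-cert.gov"),
    "other_sender": sample("alice@example.com", "mx.example.org; spf=pass smtp.mailfrom=example.com"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} -> {verdict(raw)}")
```

The `unaligned_spf` case is the one to note: SPF passes for the envelope sender's own domain, so a pass alone says nothing about the address the user sees. For the trust check on the authserv-id to hold, the gateway must also strip any inbound header that already carries its own name.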