Readiness team warns of spoofed US-CERT email addresses in phishing campaign

A phishing email campaign is targeting private and public sector organizations with phony US-CERT email addresses.

The U.S. Computer Emergency Readiness Team has issued a warning about a new phishing campaign that uses spoofed US-CERT email addresses.

Reports about the phishing campaign were received by US-CERT on Tuesday. A variety of organizations have been targeted in the attack, including private sector businesses, government contractors and federal agencies.

The message contains a zipped attachment with a phony report. The attachment is an executable file with the name “US-CERT Operation CENTER Reports,” according to the US-CERT phishing campaign advisory. There is no information about the malware contained in the attachment.

The primary email address being spoofed is SOC@US-CERT.GOV, but other invalid email addresses are being used. US-CERT said it would provide additional details as they become available.

The common advice from experts is to train end users to avoid opening attachments in email messages from unknown sources, but the cybercriminals behind the phishing campaigns are becoming more successful. Spear phishing is a common cause of many high-profile data breaches, including the RSA SecurID breach. Security awareness training is a good step to reduce the risk to enterprises, according to David Sherry, chief information security officer of Brown University. To be successful, training must be sustained and should include everyone at the company, including executive management.

Technology is available to defend against phishing. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) authentication technology can be effective, but the authentication technologies must be more widely adopted to be truly effective, according to application security expert Michael Cobb.
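As an added illustration (not part of the advisory or the original article), the following triage check flags mail that claims to come from us-cert.gov but has no SPF or DKIM pass for that domain, and lists executables inside zipped attachments. It assumes the receiving gateway records its results in an Authentication-Results header; the gateway name `mx.example.org`, the sample message and the `.exe` extension on the sample member name are constructed for the example.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def triage(raw, watched="us-cert.gov", gateway="mx.example.org"):
    """Return reasons a message claiming to be from `watched` looks spoofed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower() != watched:
        return []
    # Trust only Authentication-Results stamped by our own gateway (assumed name);
    # a sender can forge this header, so copies from other hosts are ignored.
    segs = [s.strip() for v in msg.get_all("Authentication-Results", [])
            if str(v).lower().split(";")[0].split()[:1] == [gateway]
            for s in str(v).lower().split(";")[1:]]
    # A pass only counts if it was evaluated for the watched domain itself.
    dom = rf"=(\S*@)?{re.escape(watched)}(?![\w.-])"
    findings = []
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        if not any(s.startswith(method + "=pass") and re.search(re.escape(prop) + dom, s)
                   for s in segs):
            findings.append(f"no aligned {method} pass for {watched}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                findings += [f"executable in zip: {m}" for m in zf.namelist()
                             if m.lower().endswith(EXEC_EXT)]
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip: {name}")
    return findings

def build_sample(auth_results):
    """Constructed test message; the .exe member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("US-CERT Operation CENTER Reports.exe", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "SOC@US-CERT.GOV"
    msg["To"] = "analyst@example.org"
    msg["Authentication-Results"] = auth_results
    msg.set_content("See attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("mx.example.org; spf=fail smtp.mailfrom=us-cert.gov; dkim=none")))
```

A check like this only helps when the spoofed domain publishes SPF records or signs with DKIM and the receiving gateway evaluates them, which is the adoption gap Cobb describes.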
