Mandiant has published a report describing phishing emails that have been used to breach organizations in the industrial sector. Mandiant explains that the majority of phishing attacks are untargeted and opportunistic. Most attackers wait to see which organizations they can compromise and then decide how to monetize their successful attacks.
“Most of the phishing activity we observed across our industrial-themed phishing samples was distributed en masse,” the researchers write. “Opportunistic phishing attempts often use weaker methods that are easily detected and blocked by automated systems such as enterprise email scanning solutions or endpoint protection software. Most often, this activity is associated with common financial crime schemes such as BEC, credential phishing, money mule and shipping scams, IT remote access or individual extortion and fake blackmail.”
When phishing attacks breach organizations that work in the industrial sector, the attackers can sell their access to threat actors that are interested in carrying out more targeted attacks against operational technology (OT) systems.
“Groups involved in opportunistic phishing typically hold no interest in specific industries or organizations,” Mandiant says. “However, actors that succeed in compromising industrial victims could then take advantage by selling the access to other actors at a premium if they realize that it provides potential access to OT. Regardless of the complexity of a phishing compromise, a successful attack can help actors cross the initial borders of target networks without attracting attention.”
Mandiant notes that phishing is one of the easiest ways to breach an organization.
“Both sophisticated and simple network intrusions require threat actors to identify a means of initial access, and these actors frequently turn to phishing attacks,” the researchers write. “As such, OT defenders need to reconsider how to detect and hunt for industrial-targeted phishing. Setting up mechanisms to identify early compromises that pose a risk to OT helps defenders decrease the risk of minor threats evolving into impactful events that disrupt production processes.”
New-school security awareness training can give your organization an essential layer of defense by enabling your employees to recognize social engineering attacks.