Critical Infrastructure Systems Seen as Vulnerable to Attack (http://bits.blogs.nytimes.com)
03/15/2013 – Cyber Security
The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.
Attackers increasingly use so-called spearphishing attacks, in which they send employees targeted e-mails — often from an e-mail address that matches the name of a colleague, supervisor or chief executive—that contains malicious code. One click is all it takes for an attacker to steal an employee’s administrative passwords, turn their machine into a recording device, and see everything they do.
Night Dragon, a series of computer attacks that hit oil, gas and chemical companies in the United States two years ago, used spearphishing. So did Shady Rat, another extensive digital espionage campaign discovered in 2011 that went after 70 government agencies, corporations and nonprofits in 14 countries. Spearphishing is so easy to deploy and effective that 91 percent of targeted attacks start with malicious e-mails, according to TrendMicro, a computer security firm with headquarters in Tokyo.
(Continue reading at http://bits.blogs.nytimes.com)
My Two Cents: This is a very informative article on Critical Infrastructure Systems Seen as Vulnerable to Attack. “But all it takes is one click for an attacker to get inside a system.” – Scary!