The U.S. Computer Emergency Readiness Team (US-CERT) recently warned that cyber criminals are attempting highly targeted social engineering attacks on operators of Industrial Control Systems (ICS). ICS are widespread in utility firms. The attacks take the form of phishing phone calls allegedly coming from the "Microsoft Server Department" and warning of infected PCs. The attacker attempts to get the utility to turn on services that would allow unauthorized remote access.
HINT: Microsoft is not going to call you unless you specifically requested to be called. (see also US Utilities Under Daily Cyber-attack)
Social engineers often send emails, hoping for a bite: a link to be clicked or a download to be opened. However it is accomplished, as was seen twice at DefCon, social engineering is lethal to corporate America. Scams involving phishing phone calls purportedly coming from Microsoft tech support have been around for years.
While phishing calls are old tricks, the US-CERT Control Systems Security Program (CSSP), which aims to reduce ICS risks to critical infrastructure, found the events important enough to point out the "need for continued vigilance for everyone involved in critical infrastructure, particularly regarding recognition of social engineering attempts."
The utilities receive a call from a representative of a large software company — allegedly, the one that sold them the operating system on their computers — warning them that their PCs have viruses and walking them through a series of steps so the caller can "help" the operator fix the problem. The calls purport to be from the "Microsoft Server Department" informing the utilities that they have a virus. The caller tries to convince the utility operators to start certain services on their computer (likely services that would allow unauthorized remote access).