Article Title: “Nuclear operators urged to tackle growing threat from cyber attack emails.”
Author: Neil Ford
Valley Contributor: Scott Zimmerman, Cybersecurity Program Head
Nuclear plant operators should prioritize the training of staff against spearfishing emails which present a significant and evolving threat to data security, Scott Zimmerman, cyber security lead at non-profit research group Concurrent Technologies Corporation, told Nuclear Energy Insider. “Privileged access is alluring bait to attackers targeting critical infrastructure and can help bypass the time-consuming process of gaining external access”, Zimmerman said.
Spearfishing emails can originate from “compromised legitimate accounts or from seriously well-crafted phishing emails from what appear to be legitimate organizations such as shipping and delivery companies,” he said. Across all industries, some 66% of malware is installed via malicious email attachments, according to Verizon’s 2017 Data Breach Investigations Report. “The initial email is typically followed by tactics aimed at blending in, giving the attacker time to collect the data that they need,” Verizon noted.
According to US-CERT, recent cyber attacks used email attachments to leverage legitimate Microsoft Office functions to retrieve a document from a remote server. The hackers used a combination of authentication protocol and password cracking techniques, it said.
Nuclear operators should allocate appropriate resources to training staff against the latest cyber attack measures, Zimmerman said.
“I didn’t come up with the phrase, but I am always reminded: ‘people make bad firewalls, but they are trainable’,” he said.
Consistent user awareness training, updated and patched systems and tools, and awareness of the latest phishing trends are the most important anti-phishing measures, Zimmerman said.