Title: Detection and Mitigation of Phishing Exploits in the ONG Industry
CPE Credit: 1 hour
This talk described the four case studies identified by INKY. It also discussed the tactics, techniques, tools, and origins of these potentially destructive campaigns, along with threat intelligence response tactics and strategy.
You could say 2021 was the year that phishing became an industry. During the year, the volume, variety, sophistication, and impact of phishing attacks all rose dramatically as black-hat players organized themselves around what they saw as a fast-growing opportunity. Specialists arose in all areas as phishing/malware/ransomware-as-a-service became a reality. The impact of ransomware payloads attached to phishing exploits was felt worldwide as critical infrastructure came under attack. Such attacks were the main driver behind the dramatic increase in financial penalties suffered by corporate victims.
In this environment, Oil and Natural Gas (ONG) companies became prime targets for phishing attempts. Of course, the entire industry is aware of the mostly successful Colonial Pipeline takedown. But many other firms underwent assaults that had less draconian results, some thanks to tools that identified the phishing email that could have led to a ransomware lock-up and took remediation measures to make sure it didn’t.
INKY identified four distinct examples of attacks against ONG targets this year, each involving email masquerading as:
- A fake invoice,
- A bogus voicemail notification,
- A phony password expiration notice, and
- A sham fax notification.
In all cases, the email had slipped past the target’s secure email gateway (SEG) but was caught by INKY.
It’s fair to say that over the past year this problem has only gotten worse. Without intelligent anti-phishing measures, all it takes for a ransomware attack to succeed is one heedless email recipient not paying attention. Together, mitigation and awareness training reduce such a possibility.
Roger L. Kay learned how to turn a phrase while running a weekly newspaper. He’s also a former Motorolan who got an MBA at the University of Chicago en route to becoming IDC’s top analyst for the PC industry before opening his own shop, Endpoint Technologies Associates, Inc., in 2005. In 2020, he took up the cause of anti-phishing when he joined INKY as its Vice President of Security Strategy.