The Department of Homeland Security (DHS) issued an alert Monday encouraging organizations to view the guidance published by the Australian Cyber Security Centre (ACSC) on steps organizations can take to mitigate risks posed by malicious email.
According to DHS, between June and July 2015 the United States Computer Emergency Readiness Team (US-CERT) received reports of multiple, ongoing and likely evolving email-based phishing campaigns targeting U.S. Government agencies and private sector organizations.
The alert provides general and phishing-specific mitigation strategies and countermeasures.
US-CERT said it is aware of three phishing campaigns targeting U.S. Government agencies and private organizations across multiple sectors.
All three campaigns leveraged website links contained in emails; two sites exploited a recent Adobe Flash vulnerability (CVE-2015-5119) while the third involved the download of a compressed (i.e., ZIP) file containing a malicious executable file.
Most of the websites involved are legitimate corporate or organizational sites that were compromised and are hosting malicious content, said US-CERT.
US-CERT recommends that organizations:
- Implement perimeter blocks for known threat indicators
- Remove malicious emails from targeted user mailboxes based on email indicators (e.g., using Microsoft ExMerge)
- Identify recipients and possibly infected systems
For systems that may be infected:
- Capture live memory of potentially infected systems for analysis
- Take forensic images of potentially infected systems for analysis
- Isolate systems to a virtual local area network (VLAN) segmented from the production agency network (e.g., an Internet-only segment)
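As an added example, not code from the DHS/US-CERT alert, the following Python script applies the indicator-matching steps above to mail gateway logs: it checks each message's sender domain, linked URL host and attachment hash against an indicator set and reports which recipients received matching mail, which is the starting point for both the mailbox purge and the list of systems to image. The key=value log format, the indicator values and the addresses are constructed for illustration and are not real campaign indicators.

```python
"""Match phishing-campaign indicators against mail gateway logs.

Added example; not from the US-CERT alert. The log format, indicator
values and addresses below are constructed, not real campaign IOCs.
"""
import re
from urllib.parse import urlparse

# Constructed indicator set, in the three forms that email-borne
# campaign alerts usually distribute: sending domains, hosts of the
# linked sites, and hashes of dropped archives/executables.
INDICATORS = {
    "sender_domains": {"example-invoices.test"},
    "url_hosts": {"compromised-site.example"},
    "attachment_sha256": {
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    },
}

# Constructed gateway log lines (assumed "ts key=value ..." format).
LOG_LINES = """\
2015-07-06T10:01:02Z from=billing@example-invoices.test to=alice@agency.example subject="Invoice 4471" url=http://compromised-site.example/doc.swf sha256=-
2015-07-06T10:03:17Z from=hr@partner.example to=bob@agency.example subject="Benefits" url=https://partner.example/benefits sha256=-
2015-07-06T10:05:44Z from=noreply@mailer.example to=carol@agency.example subject="Report" url=- sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2015-07-06T10:09:00Z from=dave@agency.example to=alice@agency.example subject="lunch" url=- sha256=-
"""

# key=value pairs; values may be double-quoted (subjects contain spaces).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into a dict of fields plus its timestamp."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = ts
    return fields


def host_matches(host, blocked_hosts):
    """Exact or subdomain match, so a.b.example matches indicator b.example."""
    return any(host == b or host.endswith("." + b) for b in blocked_hosts)


def match_indicators(msg, indicators):
    """Return a list of (indicator_type, value) hits for one message."""
    hits = []
    sender_domain = msg.get("from", "").rpartition("@")[2].lower()
    if sender_domain in indicators["sender_domains"]:
        hits.append(("sender_domain", sender_domain))
    url = msg.get("url", "-")
    if url != "-":
        host = (urlparse(url).hostname or "").lower()
        if host_matches(host, indicators["url_hosts"]):
            hits.append(("url_host", host))
    digest = msg.get("sha256", "-").lower()
    if digest in indicators["attachment_sha256"]:
        hits.append(("attachment_sha256", digest))
    return hits


def triage_log(log_text, indicators):
    """Map each affected recipient to the matching messages they received.

    The recipient list drives the mailbox cleanup and identifies the
    endpoints that need memory capture / forensic imaging.
    """
    affected = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        msg = parse_line(line)
        hits = match_indicators(msg, indicators)
        if hits:
            affected.setdefault(msg["to"].lower(), []).append({
                "ts": msg["ts"],
                "from": msg["from"],
                "subject": msg["subject"],
                "hits": hits,
            })
    return affected


if __name__ == "__main__":
    for recipient, messages in sorted(triage_log(LOG_LINES, INDICATORS).items()):
        for m in messages:
            print(f"{recipient}: {m['ts']} from={m['from']} "
                  f"subject={m['subject']!r} hits={m['hits']}")
```

Recipients with no hits (bob, and alice's internal "lunch" mail) are left out, so the output is the set of mailboxes to purge and endpoints to triage rather than every message seen. The subdomain match in host_matches is a deliberate choice: campaigns hosted on compromised sites often use hosts under the indicated domain, and exact matching would miss them.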
Organizations should also remind users that they play a critical role in protecting their organizations from cyber threats.
Practicing basic cyber hygiene would address or mitigate the vast majority of security breaches handled by today’s security practitioners.