Homeland Security Warns of Hurricane-related Cyberattacks

With Hurricane Irene approaching the eastern seaboard of the United States, the US Department of Homeland Security last week took the unusual step of issuing a warning to both government agencies and private companies. You can read the full alert at this link (pdf) DHS cautioned users to be wary of phishing email messages related to the hurricane and other national disasters, as well as indicating that administrators should be on heightened alert status in the event increased cyberattacks should occur.

Long considered a problem only for consumers, phishing attacks have been responsible for several recent high-profile attacks on government agencies like the Pacific Northwest National Lab and Oak Ridge National Laboratory, security vendor RSA (a division of EMC) and Epsilon. With the success of these phishing attacks, admins reading this post should seriously consider raising awareness amongst their own users too, both to protect company resources, and to assist their users with protecting themselves.

However, the earthquake and tsunami that devastated Japan earlier this year were almost immediately followed by a rush of phishing emails trying to exploit users’ sympathies and charitable intentions, and websites set up to support these phishing campaigns. Many of the emails tried to get money out of the targets for the attacks, while others tried to inject malware by masquerading as videos or images from the disasters.

Cyber attacks against infrastructure based on the East Coast of the United States may also go up during the hurricane. Many companies took the preemptive action of implementing disaster recovery plans, or shifting their operations to secondary datacenters and moving key personal out of the path of the storm. As a result, security operations center personnel might be on reduced staffing levels, or focusing their attention on other needs to assist with storm preparations.

Supporting my personal belief that spammers and spear-phishers are a lower form of life than the rest of us, we’ve seen a growing trend over the past few years of phishing emails that purport to be pleas from charitable organizations asking for financial assistance. These emails usually include a story about someone who has been affected by the disaster in question, and use names similar to recognized charities. Many times, they will carry links to phishing sites made up to look like the charity’s homepage, with a link to provide donations.

While neither the earthquake nor the hurricane have been significant enough to cause wide-spread destruction (though to those who were affected, I’m sure it was a significant event, and our thoughts and prayers go out to them), they have received more than enough media coverage to make a request for help from a charity seem legitimate. For years, I have seen an uptick in hacking activities during the US holiday season, particularly on “Black Friday” and the week between Christmas and New Year’s, when staffing is traditionally lower than normal, and those who are on duty are distracted by other things.

I haven’t  personally seen an uptick during hurricanes or blizzards yet, but I will be paying much closer attention to the logs from this past weekend, and reminding my users that if they wish to help charities with their disaster relief activities, there are legitimate ways to do so through their websites, and that these organizations will not email them asking for assistance.

If you would like to help out with disaster recovery activities, please consider the American Red Cross. You can donate money, time, or blood, all of which are in need. Visit their website at http://www.redcross.org/.