NEW YORK STATE OFFICE OF INFORMATION TECHNOLOGY SERVICES INFORMATION BULLETIN
DATE ISSUED: September 2, 2013
SUBJECT: Targeted Spear-phishing Attacks Against NYS
The EISO’s Cyber Security Operations Center has been provided information from a trusted third party that NYS is being targeted in a series of spear-phishing attacks. These attacks appear to be designed to capture accounts and passwords for ny.gov email accounts. The information provided at this time indicates that the actors initiating these attacks have established websites that mirror legitimate webmail password change pages to trick a user into entering his or her credentials. The spear-phishing emails are sent from accounts that, at a glance, appear to be legitimate helpdesk or IT support accounts. The emails are likely to include text that suggests the user’s password is expiring or needs to be changed. The specific sources, methods, and details of these spear-phishing emails are very likely to change rapidly and, consequently, it is essential that all staff be aware of the ongoing threat of spear-phishing attacks and be able to recognize such attacks. Privileged accounts such as those relating to content management and those of systems administrators are likely to be a major target for these attacks, although any account will provide the attacker with access to the network.
It is recommended that this information be distributed to all staff.
We recommend the following actions be taken:
· Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
· Remind users not to open email attachments from unknown users or in suspicious emails from trusted sources.
· Users should check the From address for a complete email address to ensure it is from a valid source.
· Users should check URLs before entering account information to ensure they are on the correct website and were not redirected.
· Do not reuse passwords for multiple accounts.
· Review email forwarding rules if you believe you have been compromised.
· Any suspicious email related to password changes should be forwarded as an attachment to email@example.com for analysis.
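The sender, link and wording checks listed above can also be applied automatically to mail that has been forwarded for analysis. The following Python is an added example, not part of the original bulletin or of any ITS tooling; it assumes ny.gov is the only trusted domain, and the two sample messages and their hostnames are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "ny.gov"  # domain named in the bulletin; assumed to be the only trusted one
LURE = re.compile(r"password\s+(is\s+|will\s+)?(expir\w*|chang\w*|reset)"
                  r"|(change|reset|update)\s+your\s+password", re.I)
SUPPORT_NAME = re.compile(r"help\s*desk|it\s+support|administrator", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def in_trusted_domain(host):
    """True only for ny.gov itself or a real subdomain (match on a label boundary)."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage(raw):
    """Return the reasons a raw message matches the pattern the bulletin describes."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in msg.walk() if not p.is_multipart())
    text = msg.get("Subject", "") + "\n" + body
    findings = []
    # Display name claims helpdesk/IT support but the full address is outside ny.gov.
    if not in_trusted_domain(addr.rpartition("@")[2]) and SUPPORT_NAME.search(name + " " + addr):
        findings.append("support-style sender outside " + TRUSTED_DOMAIN + ": " + addr)
    if LURE.search(text):
        findings.append("password expiry/change wording")
    # Any link whose real hostname is not under ny.gov, including look-alikes.
    for url in URL.findall(text):
        host = urlsplit(url).hostname or ""
        if not in_trusted_domain(host):
            findings.append("link leaves " + TRUSTED_DOMAIN + ": " + host)
    return findings

# Constructed sample messages (not real indicators).
PHISH = ('From: "IT Helpdesk" <helpdesk@ny-gov.example>\nSubject: Your password is expiring\n\n'
         "Your password will expire today. Change it here:\n"
         "http://webmail.ny.gov.mail-update.example/password/change\n")
LEGIT = ('From: "Agency Helpdesk" <helpdesk@agency.ny.gov>\nSubject: Maintenance window\n\n'
         "Webmail will be unavailable Saturday. Details: https://www.ny.gov/\n")

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(label, triage(raw))
```

A hostname that merely contains "ny.gov" is not trusted; only the registered domain at the end of the hostname counts, which is the check a user performs by eye when reading the address bar.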
New York State Office of Information Technology Services (ITS)
Enterprise Information Security Office (EISO)
1220 Washington Avenue
State Office Campus Building 7A
Albany, NY 12242
Last modified: Sep 4, 2013