In our previous article, we laid the groundwork for what we believe to be a serious threat to ICS/SCADA devices: social engineering. We continue here with some definitions, some of which you may already know. 


Phishing is a broad term for any attempt to trick victims into handing over sensitive information such as usernames, passwords and credit card details; the intent is malicious by definition. Phishing is also largely indiscriminate and exploratory rather than targeted: instead of going after a specific individual or small group, a phishing campaign is sent to as many recipients as possible, often every address the attacker can find within the same organization. Think of phishing as the "throw spaghetti at the wall and see what sticks" approach.


Spear-phishing is a much more targeted form of phishing. Messages are crafted to appear to come from someone the recipient knows and trusts: a colleague, a manager, the human resources department, or a personal acquaintance of the potential victim. Accordingly, a spear-phishing attack targets an individual or a small group of individuals rather than a whole population.

The better spear-phishing attempts go further, with a subject line and content tailored to the victim's known interests or industry. A determined malicious actor will mine the victim's public profiles (Facebook, LinkedIn, Twitter, Instagram) to learn what the potential victim is likely to fall for.
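The sender-impersonation tricks described above (a trusted person's name on an unrelated address, a lookalike domain, a Reply-To that diverts answers elsewhere) can be checked mechanically on inbound mail. The following Python script is an added example, not code from the original article: the trusted-contact list, the domain allow-list and the two sample messages are constructed for illustration, and the Authentication-Results check assumes that header was stamped by your own MX rather than carried in from the sender.

```python
"""Flag sender-impersonation indicators typical of spear-phishing (added example)."""
import email
from email import policy
from email.utils import parseaddr
from typing import Dict, List, Set

# Constructed allow-lists: who the operator legitimately corresponds with.
TRUSTED_CONTACTS: Dict[str, str] = {"jane doe": "jane.doe@example-utility.com"}
TRUSTED_DOMAINS: Set[str] = {"example-utility.com"}

# Constructed sample messages. The first impersonates a known colleague from a
# lookalike domain ("examp1e" with a digit one) and diverts replies elsewhere.
SPEAR_PHISH_MESSAGE = """\
From: Jane Doe <jane.doe@examp1e-utility.com>
Reply-To: ops-desk@mail-relay.example.net
To: operator@example-utility.com
Subject: Updated PLC firmware approval form
Authentication-Results: mx.example-utility.com; spf=fail smtp.mailfrom=examp1e-utility.com; dmarc=fail

Hi, please review the attached approval form before the maintenance window.
"""

LEGIT_MESSAGE = """\
From: Jane Doe <jane.doe@example-utility.com>
To: operator@example-utility.com
Subject: Maintenance window reminder

Reminder: the Thursday maintenance window starts at 22:00.
"""


def normalize_domain(domain: str) -> str:
    """Collapse common homoglyph substitutions so examp1e / exarnple compare equal to example."""
    d = domain.lower()
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch one-character typosquats like example-utility.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: Set[str]) -> bool:
    """True if domain is not trusted but is within one edit (after homoglyph folding) of a trusted one."""
    domain = domain.lower()
    if domain in trusted:
        return False
    folded = normalize_domain(domain)
    return any(edit_distance(folded, normalize_domain(t)) <= 1 for t in trusted)


def analyze_message(raw: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []

    name, addr = parseaddr(str(msg.get("From", "")))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]

    # 1. Display name belongs to a known contact, but the address is not theirs.
    known = TRUSTED_CONTACTS.get(name.strip().lower())
    if known and addr != known:
        findings.append(f"display name '{name}' belongs to {known} but sender is {addr}")

    # 2. Sender domain is a typosquat / homoglyph of a trusted domain.
    if domain and is_lookalike(domain, TRUSTED_DOMAINS):
        findings.append(f"lookalike sender domain {domain}")

    # 3. Replies would go to a domain other than the apparent sender's.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower().rpartition("@")[2] != domain:
        findings.append(f"Reply-To {reply_to} differs from From domain {domain}")

    # 4. SPF/DKIM/DMARC results, trustworthy only if our own MX added this header.
    auth = str(msg.get("Authentication-Results", "")).lower()
    failed = [c for c in ("spf", "dkim", "dmarc") if f"{c}=fail" in auth]
    if failed:
        findings.append("authentication failed: " + ", ".join(failed))

    return findings


if __name__ == "__main__":
    for label, sample in (("spear-phish", SPEAR_PHISH_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(label, analyze_message(sample) or "no indicators")
```

None of these checks proves a message is hostile on its own; the display-name mismatch in particular fires on colleagues mailing from personal accounts. The value is in combining them and routing anything with two or more findings to a human reviewer rather than straight to an operator's inbox.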

Ultimately, the goal of this reconnaissance is to gather as much intelligence on the target as possible (the higher the value of the target, the deeper the malicious actor will dig), and then to use it, either by borrowing the name of a trusted person in the victim's circle or by grabbing their attention in some other form (a newsletter from an industry publication, a bank alert). Anything that will elicit