When you think about phishing attacks, most people think the ultimate goal is to get the victim’s credentials and use them to possibly impersonate them or steal their money. And mostly, that’s true. We hardly ever think that the ultimate target of a phishing attack might be an inanimate object. But more and more it’s becoming the case. And it’s getting pretty frightening.
There’s a report out this week that “A ransomware infection at a natural gas compression facility in the United States resulted in a two-day operational shutdown of an entire pipeline asset, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) revealed on Tuesday.”
The agency said “the attackers used spear-phishing to gain initial access to the facility’s IT network, after which they managed to make their way to the OT network. The hackers then deployed commodity ransomware that encrypted files to Windows machines on both the IT and OT networks.”
Natural gas stopped moving because of a phishing attack at a compression facility. According to the article, “A compression facility helps transport natural gas from one location to another through a pipeline. Natural gas needs to be highly pressurized during transportation, and compression facilities along the pipeline help ensure that it remains pressurized.”
How important is natural gas to our everyday lives? Well 85% is used for electric power, transportation and home heating. In other words, without natural gas, most people would be sitting in cold, dark homes with no internet. You probably don’t think about that when you think of phishing attacks.
This isn’t the first time gas pipeline firms were affected by a cyberattack. And it’s not just gas pipelines. Another story this week details how “Vulnerabilities Allow Hackers to Access Honeywell Fire Alarm Systems.” Fire alarms!
In some ways it’s surprising that these critical infrastructure companies have not yet taken advantage of low-cost, easy-to-deploy email security like that available from PhishProtection.com. Afterall, what these attacks have in common is that they begin with an employee clicking on a link in an email they shouldn’t have. And Phish Protection keeps that from happening.
No matter what it costs to protect one of these companies from phishing attacks, it would be worth it, given how critical they are. And yet, protection only costs pennies per employee per month. I wonder how much it cost to shut down that pipeline for a few days?
Whether your organization is part of critical infrastructure or not, there’s just no excuse today to fall victim to a phishing attack. Phish Protection requires no hardware, software or maintenance and sets up in just 10 minutes. It works with all mail services, comes with 24/7 technical support and you can try it risk free for 30 days. Don’t wait until your cold and in the dark. Get Phish Protection today.