For most of you this should be something you already know by now.
But considering the potential severity, it is always worth an occasional reminder.
You may not be operating a plant using software as the article link below depicts and may not be in danger of a similar “worrisome” incident. But the main point is that the attack vector remains the same as has been common in recent years and warrants some understanding of how dangerous malware can be. It can indeed be troublesome, even for you!
It starts through targeted phishing via emails (or Spear Phishing). The targeting keeps gets “smarter” and is therefore more deceptive as it may coincide with actual activities you have, such as online orders or other routine tasks. It may even use data stolen from other data breaches in order to fool you into “clicking though”.
So - always be on guard for suspicious emails - even when it seems to be from someone you know, which can easily be faked in email headers. Always use a proactive approach and look for independent verification without responding to - or even opening - any eMail of concern. Independent verification? Simply, that would be going to the official “claimed” source vs taking anything in the email as valid.
The article below was released recently, but is regarding a threat that’s been around for a while, gaining momentum.
Scary stuff from MIT Technology Review…
(the title is not an overstatement)