Red Teams collecting organization charts
Mark Leininger, Fermilab's computer security manager, wrote this column.
The Department of Energy's Red Teams, groups of cyber security experts who work to test the cyber security at national laboratories, are on site.
There is evidence Red Teams are downloading organization charts from laboratory Web servers. Organization charts can provide useful information that Red Teams can use to launch social engineering and phishing attacks. For example, you may receive e-mail that appears to come from your supervisor with copies to other group members. This is done to make the e-mail appear authentic so that you will open attachments or click on links. Follow your intuition when you get e-mail that doesn't feel right, either because it contains unexpected subject matter or uses uncharacteristic writing style.
This kind of attack is especially difficult to detect in our environment because large groups of collaborators work together to share research information and may not know each other well enough to detect subtle changes in e-mail.
Below are actions to take if you question the authenticity of an e-mail. If you know the sender, contact them and ask if they sent you the e-mail. If the message is believable, but you don't know the sender, don't reply to the sender. If you recognize anyone on the cc: list, contact them to see if they can increase your confidence in the e-mail's authenticity. If you become convinced that a message is not authentic, please report it to the computer security team either by calling x2345 or e-mailing firstname.lastname@example.org. Do not forward the the suspect e-mail until you receive instructions on how to handle it. Note that although spam e-mails are a nuisance, they are not computer security incidents. Don't reply to spam, open spam attachments or click on links in spam e-mails.
It is safest to read e-mail as text only and turn off image display options. Your machine can get infected by reading an e-mail in html mode, particularly if images are displayed. Avoid sending e-mail in html format. This can tempt recipients to turn on html to view the formatting in your message. If you have a document that requires formatting, either send a link to the document or send it as an attachment.
Please be particularly alert during the next few weeks.