Carnegie Mellon University Website Home Page
 

SECURITY ADVISORY: Spear Phishing Attacks Targeting Intellectual Property

(US Eastern Time)
DAY: Tuesday
DATE: June 26, 2012

WHOM DOES THIS AFFECT?

Students, faculty and staff members

SUMMARY:

Last month, a message from Joel Smith, Vice Provost for Computing Services and CIO, was sent to the university community regarding an increase in targeted phishing attacks against Carnegie Mellon. While these phishing campaigns typically target Andrew account passwords, Carnegie Mellon is now seeing phishing attacks potentially aimed at intellectual property theft.

Earlier this month, security analysts discovered a spear phishing campaign targeted at US government contractors and service providers within the industrial control systems community. Carnegie Mellon was one of several universities targeted by these attacks. These particular phishing emails pretended to be from familiar acquaintances. 

Furthermore, the messages contained a link to what appeared to be a PDF file about staffing changes, but actually downloaded malicious software.  If installed, the software provides remote access to the compromised computer.  

WHAT YOU NEED TO DO:

The Information Security Office has already been in contact with those individuals believed to be affected.  If you have not been notified but are concerned, contact the Information Security Office at iso-ir@andrew.cmu.edu and/or your local IT support provider.

Continue to use caution when clicking on links and opening attachments included in unsolicited email.

Safeguard sensitive research and other data. The Information Security Office publishes Guidelines for Data Protection in support of the university’s Information Security Policy.

http://www.cmu.edu/iso/governance/guidelines/data-protection/

Learn how to detect phishing emails and phishing websites.  Anti-Phishing Phil and Anti-Phishing Phyllis are two resources available from the Information Security Office.

http://www.cmu.edu/iso/aware/phil/
http://www.cmu.edu/iso/aware/phyllis/

MORE INFORMATION:

For more information on this recent phishing attack, visit the following resources:

https://threatpost.com/en_us/blogs/attacks-targeting-us-defense-contractors-and-universities-tied-china-061312

http://labs.alienvault.com/labs/index.php/2012/unveiling-a-spearphishing-campaign-and-possible-ramifications/

CONTACT:

If you suspect that you have fallen prey to a phishing attack, contact the Information Security Office at iso-ir@andrew.cmu.edu and/or your local IT support provider.

Please direct any general questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.