Symantec Report on Chemical Industry Phishing

Symantec published a report earlier this week about an attack on the chemical industry. They call this attack Nitro.

In one example of the attack, an encrypted 7zip file is used.   Encryption prevents scanners from examining the contents of the file.

Some SMTP gateways block encrypted files by default. Most places find that hurts productivity more than it helps.

PhishMe asks if your employees have been trained on how to respond to password-protected files. Their phishing training can cover this.

A third option is to look at a vendor who will use every word in the message body as a password on the encrypted file. This doesn’t help in attacks where the password is in a second email. One could also wonder whether, if you’re specifically targeted, the attacker will try to obfuscate the password in some manner so that one pattern is visible to the user while a computer would read it a different way. Would a passphrase confound this type of attack? Obviously the file must also be detectable as a virus by whatever antivirus you are using.
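A sketch of the body-as-wordlist check described above, showing where it succeeds and where the second-email and passphrase cases defeat it. This is an added example, not any vendor's implementation: the function names and sample messages are constructed, and `opener` is a hypothetical stand-in for a real attempt to decrypt the attachment.

```python
from typing import Callable, Iterable, Iterator, Optional

PUNCT = ".,;:!?\"'()[]<>"

def candidates(body: str, max_words: int = 1) -> Iterator[str]:
    """Yield each token of the body, raw and with edge punctuation stripped,
    then runs of up to max_words consecutive tokens (passphrase coverage)."""
    seen = set()
    for line in body.splitlines():
        raw = line.split()
        stripped = [t for t in (tok.strip(PUNCT) for tok in raw) if t]
        for tokens in (raw, stripped):
            for n in range(1, max_words + 1):
                for i in range(len(tokens) - n + 1):
                    cand = " ".join(tokens[i:i + n])
                    if cand not in seen:
                        seen.add(cand)
                        yield cand

def find_password(bodies: Iterable[str],
                  try_open: Callable[[str], bool],
                  max_words: int = 1) -> Optional[str]:
    """Return the first candidate that opens the archive, or None.
    bodies may hold several messages from the same sender, which is the
    only way the password-in-a-second-email case can be covered."""
    for body in bodies:
        for cand in candidates(body, max_words):
            if try_open(cand):
                return cand
    return None

def opener(secret: str) -> Callable[[str], bool]:
    # Hypothetical stand-in: a gateway would try to decrypt the attachment here.
    return lambda password: password == secret

# Constructed sample messages (not taken from the Symantec report).
SAME_MAIL = "Please install the attached update.\nPassword: patch2011!\n"
PASSPHRASE_MAIL = "Open the attachment with: blue horse battery.\n"
FIRST_MAIL = "The security update is attached.\n"
SECOND_MAIL = "Password for the file I sent earlier: s3cond-mail\n"

if __name__ == "__main__":
    print(find_password([SAME_MAIL], opener("patch2011!")))
    print(find_password([PASSPHRASE_MAIL], opener("blue horse battery")))
    print(find_password([PASSPHRASE_MAIL], opener("blue horse battery"), 3))
    print(find_password([FIRST_MAIL], opener("s3cond-mail")))
    print(find_password([FIRST_MAIL, SECOND_MAIL], opener("s3cond-mail")))
```

With single words only, the passphrase message yields no match; allowing runs of three words finds it, at the cost of more decryption attempts per message.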

The most basic phishing awareness would foil the pictured email. No major vendor would be mailing you patches.