The State of Michigan was hit with a new phishing attack yesterday, and thanks to some very quick response and excellent work by several internal teams within our Michigan Department of Information Technology (MDIT), we dodged a major bullet. The majority of the email attacks came with variations on the headlines "CNN.com: The Daily Top 10." The Sunbelt Blog describes this fake CNN email phishing scam in detail.
Although we block over 90% of incoming email into Michigan State Government with our spam blocking processes, these emails got through to most state employees yesterday. Some employees clicked, and a few machines got infected and needed to be rebuilt. We were able to block malware downloads for hundreds of others who fell for the tempting headlines and clicked on the video link feeds.
We also deleted the emails from thousands of inboxes and ensured that these incoming fake emails were blocked going forward. As of late yesterday, we had blocked hundreds of thousands of these fake emails that were trying to enter state government email boxes.
Thankfully, no sensitive data was lost, and we avoided any network or systems outages. Our teams have come a long way in the past few years regarding incident response, resiliency and recovery, and this type of attack would have devastated us a few years back.
Other states are telling me that they were seeing the same attacks, and an Multi-State Information Sharing and Analysis Center (MS-ISAC) call was planned for Thursday afternoon (8/7) to discuss the situation further between states and local governments. In Michigan, we are also tracking several phishing attempts with various "Beijing Olympics" email subject headings.
As experts predicted last week, this is a very dangerous time for government networks, and enterprise administrators need to be on full alert for various new attacks during August.
All of these big events create new opportunities for the "bad guys" to distract users and gain unauthorized access. I'll cover this later, but expect similar techniques to be used for the upcoming political conventions.
Leave a comment