The latest incident response report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) — part of DHS — warns of an ongoing cyberattack against the computer networks of US natural gas pipeline companies.ICS-CERT says it first identified an active series of cyber intrusions targeting natural gas pipeline sector companies in March. Various sources provided information to ICS-CERT describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations, the report says. Analysis of the malware and characteristics of the attacks link it back to a single campaign, ICS-CERT added.Here’s the rest of the alert:The campaign appears to have started in late December 2011 and is active today. Analysis shows that the spear-phishing attempts have targeted a variety of personnel within these organizations; however, the number of persons targeted appears to be tightly focused. In addition, the e-mails have been convincingly crafted to appear as though they were sent from a trusted member internal to the organization. ICS-CERT has issued an alert (and one update) to the US-CERT Control Systems Center secure portal library and also disseminated them to sector organizations and agencies to ensure broad distribution to asset owners and operators. While ICS-CERT strives to make as much information publicly available as possible, the indicators in these alerts are considered sensitive and cannot be disseminated through public or unsecure channels.ICS-CERT is currently engaged with multiple organizations to identify the scope of infection and provide recommendations for mitigating it and eradicating it from networks. ICSCERT has conducted a series of briefings across the country to share information related to the intrusion activity with asset owners/operators. ICS-CERT will continue to work with private sector and government partners to respond to this and other cyber threats. Asset owners/operators who would like access to the portal or to the alerts can contact ICS-CERT at ics-cert@hq.dhs.gov. Alternatively, they can work with their sector Information Sharing and Analysis Center (IS AC) or sector source for cyber alerts and information sharing to obtain the ICS-CERT Alerts. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe