The USCG has brought to light several cyber events involving increasingly sophisticated malicious email spoofing techniques, after attacks occurred that impersonated Coast Guard email.
Specifically, the types of reported spoofing attacks included impersonating Coast Guard (uscg.mil) email addresses, and Coast Guard industry communications regarding Area Maritime Security Committee meetings.
In one case, the opening of a malicious file caused a network compromise that resulted in additional spoofed emails that were sent to MTS port partners. These types of attacks have potential cascading consequences, and impacted organizations should immediately notify all affected stakeholders and local authorities. Coast Guard units along with Maritime Transportation Security Act (MTSA) regulated facilities and vessels should be on high alert and remain vigilant for similar cyber threats within your areas of responsibility.
Therefore, the USCG recommends the following tips:
- Technical Controls: Official Coast Guard emails use Domain-based Message Authentication, Reporting and Conformance (DMARC) as an authentication method for protection against spoofing. It is highly recommended that organizations consider implementing DMARC to help ensure all emails that appear to come from the Coast Guard, and other official sources, pass the Sender Policy Framework/DomainKeys Identified Mail (SPF/DKIM) checks to confirm origin.
- User Awareness and Training: Employee awareness and engagement is key to effective cybersecurity protection. It is strongly recommended that organizations implement Information Technology (IT) Security Awareness training programs.
- Collaboration with IT Staff: It is highly recommended that Facility Security Officers and Vessel Security Officers quickly collaborate, and socialize this MSIB with IT staff, to best address mitigating strategies for responding to and protecting against similar cyber threats within your organizations.
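As an added illustration of the technical control above (not code from the Coast Guard bulletin), the following Python sketch triages inbound mail whose From: address claims uscg.mil, using the SPF/DKIM/DMARC verdicts recorded by the receiving gateway in the `Authentication-Results` header. The gateway identifier `mx.example-port.test`, the other addresses and the sample messages are constructed assumptions; it also assumes the gateway strips any inbound header that already carries its own identifier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

WATCHED = "uscg.mil"                       # sender domain named in the bulletin
TRUSTED_AUTHSERV = "mx.example-port.test"  # assumption: your gateway's authserv-id

def from_domain(msg):
    """Domain of the visible From: address, lowercased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to verdicts, reading only headers our gateway stamped."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # added upstream or by the sender: never trust it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def triage(raw):
    """Return 'not-watched', 'pass' or 'quarantine' for one raw message."""
    msg = message_from_string(raw)
    domain = from_domain(msg)
    if domain != WATCHED and not domain.endswith("." + WATCHED):
        return "not-watched"
    # Missing or non-pass DMARC verdict on a watched domain is held for review.
    return "pass" if auth_results(msg).get("dmarc") == "pass" else "quarantine"

def sample(sender, auth_header):
    """Build a constructed test message (not real mail)."""
    return (f"From: {sender}\nTo: fso@example-port.test\n"
            f"Subject: AMSC meeting\nAuthentication-Results: {auth_header}\n\nbody\n")

OK = "spf=pass smtp.mailfrom=uscg.mil; dkim=pass header.d=uscg.mil; dmarc=pass header.from=uscg.mil"
GENUINE = sample("notice@uscg.mil", f"{TRUSTED_AUTHSERV}; {OK}")
SPOOFED = sample("notice@uscg.mil", f"{TRUSTED_AUTHSERV}; spf=fail smtp.mailfrom=bad.test; "
                                    "dkim=none; dmarc=fail header.from=uscg.mil")
FORGED_HEADER = sample("notice@uscg.mil", f"mx.sender.test; {OK}")  # sender-supplied verdict
UNRELATED = sample("ops@vendor.test", f"{TRUSTED_AUTHSERV}; {OK}")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "FORGED_HEADER", "UNRELATED"):
        print(name, triage(globals()[name]))
```

The `FORGED_HEADER` case shows why the verdict must come from your own gateway: a message can arrive with a pre-written "dmarc=pass" header, and only the authserv-id check keeps it from being trusted.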