This attack against a steel factory in Germany is frightening. The attackers reportedly first gained access to an office network via a targeted or "spear" phish and, from this launch point, to a production network, where they caused compromised systems to fail. These failures reportedly interfered with the normal, "controlled" shutdown of a blast furnace, which caused "massive damage to the plant".
This is a sobering example of just how extensive the damage from a targeted "spear phish" can be. Pre-9/11, I consulted for an F500 corporation on risk mitigation resulting from attacks against process control systems. One of the risks that we had identified at that time was the possibility that malicious, criminal, terrorist, or disgruntled insider actors could (remotely) gain access to systems that monitored or controlled manufacture and cause them to fail/overheat/explode. It's not at all comforting to read about an attack that's frighteningly similar to what we were then modeling as hypothetical.
- Make a point of familiarizing your workers with how current events figure into spear phishing social engineering tactics. Develop an awareness campaign to teach workers how they can avoid being spear phished.
- Spear phishing, and the advanced persistent threat attacks that often accompany it, seek ways to exploit compromised accounts to penetrate infrastructure, financial, or business-critical networks from "office networks". Examine your network topology, data protection and user account management to see if further compartmentalization can limit or contain successful attacks.
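
One way to start the topology review in the last item, as an added example that is not part of the original post: list every chain of firewall allow rules that leads from the office zone to the production zone, then find the zones that all such chains pass through. The zone names, services and rules below are constructed for illustration and are not taken from the incident.

```python
from collections import deque

# Constructed sample: zone-to-zone allow rules (source, destination, service).
ALLOW_RULES = [
    ("office", "internet", "https"),
    ("office", "dmz", "https"),
    ("office", "it-servers", "smb"),
    ("dmz", "historian", "https"),
    ("it-servers", "historian", "sql"),
    ("historian", "production", "opc"),
    ("production", "historian", "opc"),
    ("eng-workstations", "production", "s7"),
]

def find_paths(rules, source, target):
    """Return every loop-free chain of allow rules from source to target.

    Each path is a list of (zone, service used to enter that zone)."""
    graph = {}
    for src, dst, svc in rules:
        graph.setdefault(src, []).append((dst, svc))
    paths, queue = [], deque([[(source, None)]])
    while queue:
        path = queue.popleft()
        zone = path[-1][0]
        if zone == target:
            paths.append(path)
            continue
        visited = {z for z, _ in path}
        for nxt, svc in graph.get(zone, []):
            if nxt not in visited:  # skip loops
                queue.append(path + [(nxt, svc)])
    return paths

def choke_points(paths):
    """Intermediate zones that appear on every path; tightening rules
    at these zones cuts all office-to-production routes at once."""
    if not paths:
        return set()
    return set.intersection(*({z for z, _ in p[1:-1]} for p in paths))

if __name__ == "__main__":
    found = find_paths(ALLOW_RULES, "office", "production")
    for p in found:
        print(" -> ".join(z if s is None else f"[{s}] {z}" for z, s in p))
    print("choke points:", sorted(choke_points(found)))
```

No rule in the sample allows office to production directly, yet two indirect routes exist; both run through the historian zone, so that is where further compartmentalization would have the most effect.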