New ‘Uncle Scam’ Cyberattack Targets U.S. Government Contractors

Hands of cyber criminal at laptop. Uncle Scam' campaign uses sophisticated phishing to target contractors, bypassing traditional defenses.

Cybercriminals are escalating their game, deploying more complex methods to launch phishing attacks. A case in point is the recent ‘Uncle Scam’ campaign that targeted contractors seeking contracts with the U.S. government. This campaign, discovered by Perception Point researchers, leverages advanced technologies to circumvent traditional security defenses and deliver highly convincing phishing emails. As cyber threats like malware, ransomware, and nation-state attacks surge, asset owners and operators are giving supply chain security top priority.

The ‘Uncle Scam’ Campaign: A Closer Look

The ‘Uncle Scam’ emails lure recipients to bid on federal projects, but clicking the link redirects users to a fake GSA website. This counterfeit site closely mirrors the authentic one, complete with navigation links and a search bar that directs users to real GSA pages. The campaign’s effectiveness lies in its misuse of Microsoft’s Dynamics 365 Marketing platform. Attackers use the domain “dyn365mktg.com,” associated with Dynamics 365, to send malicious emails. This domain is pre-authenticated by Microsoft, allowing phishing emails to bypass spam filters and land in recipients’ inboxes.

Transforming Cybersecurity Strategies in ICS Procurement

In response to such threats, cybersecurity strategies within Industrial Control Systems (ICS) procurement are undergoing significant transformation. Procurement professionals play a pivotal role in enhancing cybersecurity by collaborating with IT departments to identify and address cyber risks in procurement operations. This involves ensuring that software and hardware are sourced from trusted suppliers and are scanned for security vulnerabilities.

The Role of Procurement in Enhancing Cybersecurity

Procurement strategies must also adapt to the unique challenges faced by the Banking, Financial Services, and Insurance (BFSI) sector, which is a prime target for cyber threats. Procurement teams can mitigate these risks by driving discussions on cyberattacks and innovative ways to combat data leaks. They should ensure that suppliers provide regular audit reports certifying their security levels and empower procurement to terminate contracts if security breaches occur.

The Evolving Regulatory Landscape

The evolving regulatory landscape is reshaping ICS procurement strategies, with a strong emphasis on compliance, secure development practices, and proactive collaboration between asset owners and vendors to enhance supply chain security and mitigate cybersecurity risks. By adopting these strategies, organizations can effectively mitigate cybersecurity risks and ensure a secure and resilient ICS procurement process.

Blueprints

Newsletter