The state of Oregon continues efforts to resolve an email issue with the oregon.gov domain that is still preventing email sent by state employees from reaching some recipients.
On 19 June, Oregon Live reported that agency directors across the state of Oregon received a message alerting them to a phishing attack that generated over eight million spam emails from an oregon.gov email address.
“This happened over the weekend and was caught on Monday. Unfortunately, we did not catch it before external mail providers downgraded the Oregon.gov sender reputation score – a score that shows how mailbox providers view your IP address. As a result of this incident, mail from Oregon.gov has been blacklisted by certain providers,” the message said.
Email providers, including Outlook, MSN, Hotmail and Live, have blacklisted emails attempting to come in from Oregon’s state email domain. As a result, mail from any state employee sent to those email domains will not be received.
State employees were reportedly told by Amy Williams, a spokeswoman for the Department of Administrative Services (DAS), that they may have to use an alternate email address. Williams also suggested that members of the public attempting to contact state employees should include phone numbers in their emails.
While Gov. Kate Brown reportedly declined to comment on the state of Oregon's cybersecurity posture, DAS is working with the Department of Enterprise Technology Services and the Enterprise Technology Office to rectify the situation. The attack on state email addresses serves as a reminder that phishing campaigns are rampant and sophisticated.
“Emails from a well-known and trusted sender are likely to be acted on by a person of that organization. Without the use of specialized email defenses and multifactor authentication, it is not surprising that these types of attacks are growing quickly globally,” said Matthew Gardiner, cybersecurity expert at Mimecast.
“Attackers love to steal users’ email log-in credentials from organizations such as the state of Oregon as this access can be used to quickly pivot the attack to breach other organizations that regularly do business with the state. This technique forms the basis of many supply-chain style attacks.”