Hackers are using this new attack method to target power companies - JooTechno

Monday, July 10, 2017



These phishing emails being used to steal credentials from critical infrastructure companies can silently harvest data without even using macros, warn researchers.


Hackers are targeting energy companies, including those working in nuclear power and other critical infrastructure providers, with a technique that puts a new spin on a tried and tested form of cyber attack.

Phishing has long been a successful method of attack, with cybercriminals crafting a legitimate-looking email and sending it to the intended victim along with a malicious attachment. This, once executed, runs code that drops malware, whether for ransomware, stealing data, or another form of attack.

But now attackers are capable of running these phishing campaigns without the need for malicious code embedded in an attachment, instead using a template injection that downloads a template file over an SMB connection to silently harvest credentials, say researchers at Talos Intelligence.

While the attack technique is currently only used to steal data, researchers warn it could be used to drop other malware.

It's the latest in a string of attacks that have exploited SMB flaws, although, unlike Petya or WannaCry, there is no known relationship between this and EternalBlue, the leaked National Security Agency Windows exploit that has been used to carry out global ransomware attacks.


Cyber attacks against critical infrastructure are not a new development, but since May 2017 hackers have been using this new technique to target energy companies around the world, predominantly in Europe and the US, with the goal of stealing the credentials of those working in critical infrastructure. It's unknown who is behind the attacks or where they are based.

Like other phishing campaigns, this attack uses emails relevant to the targets as a lure, in this instance often claiming to be environmental reports or a CV/resume, with an attached Word document that attempts to harvest data when opened.

Researchers say these documents initially contained no indicators of compromise or the malicious macros associated with this type of campaign. However, the attachments attempt to download a template file from a particular IP address, which researchers found, rather than code, contained instructions for a template injection, establishing the connection to an external server over SMB.

However, while the attack is performed by exploiting SMB, the phishing itself is handled over HTTPS, and the user credentials are harvested via Basic Authentication with a prompt for the credentials.

Talos has responded to the attacks by contacting affected customers and ensuring "they were aware of and capable of responding to the threat".

The researchers also say this threat "illustrates the importance of controlling your network traffic and not allowing outbound protocols such as SMB except where specifically required for your environment".

However, Talos says it's unable to share all indicators of compromise or who specifically has been targeted due to "the nature in which we obtained intelligence related to these attacks".
