New Smart Phishing: Hackers targeting energy companies, including nuclear power and other critical infrastructure providers, use an attack technique.
The electronicfishing” ή phishing είναι από τις πιο δοκιμασμένες και πιο επιτυχημένες μεθόδους επίθεσης. Οι κυβερνοεγκληματίες δημιουργούν μια κανονική διεύθυνση ηλεκτρονικού ταχυδρομείου και αρχίζουν την αποστολή μηνυμάτων που περιέχουν κάποιο malicious attached.
When the victim makes the mistake of opening or running the attachment, the computerIt will be filled with malware from some remote server. This is how most ransomware, data theft, or some other form of attack is carried out.
But attackers are now able to carry out attacks phishing without having to attach a malicious file. Instead, they allegedly download an injection template file over an SMB connection and obtain the victim's credentials without anyone knowing, the researchers report Talos Intelligence.
This method of attack is currently used only for data theft, but researchers warn that it could also be used for other malware.
The attack is the latest that has been discovered by a series of attacks exploiting malfunctions of the SMB, although in contrast to Petya or WannaCry, there is no relationship between him and him EternalBlue, the NSA that had been used for the global ransomware attacks we saw a while ago.
Attacks on critical infrastructure are not a new phenomenon, but since May of 2017 hackers have been using this new technique to target power companies around the world, mainly in Europe and the United States, to steal the credentials of those who work critical infrastructure.
At present it is not known who is behind these attacks or from where they start.
As with other phishing attacks, this attack uses target-related emails to entice them. They are often claimed to be messages that contain a CV in an attached Word document.
Researchers report that these documents did not initially contain malicious macros that we are accustomed to in this type of attack. However, the attachments seem to download a template file from a specific IP address. The researchers found instead of the code instructions for a template injection, which creates a connection to an external SMB server.