New phishing method does not require a malicious attachment

New clever phishing method: Hackers targeting energy companies, including nuclear and other critical infrastructure providers, are using an attack.

Phishing is one of the most tried and tested methods of attack. Cybercriminals create a regular email address and start sending messages containing a malicious attachment.

When the victim makes the mistake of opening or running the attachment, their machine is filled with malware from some remote server. This is how most ransomware is distributed, and how data theft or some other form of attack takes place.

However, attackers are now able to carry out phishing attacks without having to attach a malicious file. Instead, they reportedly download a template file (template injection) via an SMB connection and obtain the victim's credentials without anyone noticing, researchers at Talos Intelligence said.

This method of attack is currently used only for data theft, but researchers warn that it could also be used for other malware.

The attack is the latest to be discovered in a series of attacks exploiting weaknesses in SMB, although, in contrast to Petya or WannaCry, it has no relationship to EternalBlue, the NSA exploit that was used for the global ransomware attacks we saw a while ago.

Attacks on critical infrastructure are not a new phenomenon, but since May of 2017 hackers have been using this new technique to target power companies around the world, mainly in Europe and the United States, to steal the credentials of those who work in critical infrastructure.

At present it is not known who is behind these attacks or from where they start.

As with other phishing attacks, this attack uses emails tailored to the targets to entice them. The messages often claim to contain a CV in an attached Word document.

The researchers report that these documents initially showed no evidence of the malicious macros that we are used to in this type of attack. However, the attachments appear to download a template file from a specific IP address. In the archive, the researchers instead found instructions for a template injection, which creates a connection to an external server via SMB.
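A mail gateway or analyst can look for the template reference described above before a document is ever opened. The following is an added example, not code from the article or from Talos; it assumes the reference is stored as an `attachedTemplate` relationship in one of the document's `.rels` parts, and the sample files and address are constructed.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")
FILE_OR_UNC = ("file://", "\\\\", "//")  # forms Windows may fetch over SMB


def find_remote_templates(docx_bytes):
    """Return (part, target, file_or_unc) per externally hosted template."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for name in archive.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                # Untrusted XML: use a hardened parser in production triage.
                root = ET.fromstring(archive.read(name))
            except ET.ParseError:
                continue  # malformed relationships part, nothing to inspect
            for rel in root.iter("{%s}Relationship" % PKG_NS):
                target = rel.get("Target", "")
                if (rel.get("Type") == TEMPLATE_TYPE
                        and rel.get("TargetMode") == "External"):
                    smb = target.lower().startswith(FILE_OR_UNC)
                    hits.append((name, target, smb))
    return hits


def build_sample(target, external):
    """Constructed test input: a zip holding only a relationships part."""
    rels = ('<Relationships xmlns="%s"><Relationship Id="rId1" Type="%s" '
            'Target="%s"%s/></Relationships>'
            % (PKG_NS, TEMPLATE_TYPE, target,
               ' TargetMode="External"' if external else ""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed samples; 192.0.2.10 is a documentation-only address (RFC 5737).
SUSPICIOUS = build_sample("file://192.0.2.10/Template.dotm", True)
BENIGN = build_sample("Normal.dotm", False)

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_remote_templates(blob))
```

Any hit with the last field set to `True` is worth quarantining, and blocking outbound SMB at the network edge removes the channel the credentials would travel over.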

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
