New smart phishing method: The hackers that target energy companies, including nuclear power and other critical infrastructure providers, use an attack technique.
Electronic "fishing" or phishing is one of the most tested and most successful attack methods. Cybercriminals create a normal email address post officeand they begin the mission messages which contain some malicious attachment.
When the victim makes the mistake and open or run the attachment, his computer will fill malicious software from a remote server. This is how most ransomware is trafficked, data theft, or some other form of attack.
However, attackers are now able to carry out phishing attacks without having to attach a malicious file. They are reportedly downloading one instead template file injection via an SMB connection and obtain the victim's credentials without anyone knowing, the researchers report Talos Intelligence.
This method of attack is currently used only for data theft, but researchers warn that it could also be used for other malware.
The attack is the latest that has been discovered by a series of attacks exploiting malfunctions of the SMB, although in contrast to Petya or WannaCry, there is no relationship between him and him EternalBlue, the NSA that had been used for the global ransomware attacks we saw a while ago.
Attacks on critical infrastructure are not a new phenomenon, but since May of 2017 hackers have been using this new technique to target power companies around the world, mainly in Europe and the United States, to steal the credentials of those who work critical infrastructure.
At present it is not known who is behind these attacks or from where they start.
As with other phishing attacks, this attack uses target-related emails to entice them. They are often claimed to be messages that contain a CV in an attached Word document.
Researchers report that these documents did not initially contain malicious macros that we are accustomed to in this type of attack. However, the attachments seem to download a template file from a specific IP address. The researchers found instead of the code instructions for a template injection, which creates a connection to an external SMB server.