New Form of Cyber-Attack Targets Energy Sector

itman · Jul 25, 2017

An undetectable SMB e-mail attack.

A new cyber-attack vector against energy companies has reared its head, with the potential to cause power cuts, disrupt vital facilities and even cost lives.

In the attacks so far picked up by Israel-based cybersecurity company CyberInt, a “lure” document masquerades as a curriculum vitae accompanying a harmless email. What makes this latest type of spear-phishing attack hard for the energy companies to identify is that the lure email and attached Word document are totally clean and contain no malicious code whatsoever. They are therefore undetectable to incoming email monitoring defenses.

Instead, the weaponized Word document contains a template reference that, when the document is loaded, connects to an attacker’s server via Server Message Block (SMB) to download a Word template which can include embedded malicious payloads.

The connection to the SMB server also provides the attacker with the victim’s credentials, which can be subsequently used them to acquire sensitive information and/or infiltrate the control systems used by the targeted personnel.
Click to expand...

https://www.infosecurity-magazine.com/news/new-form-of-cyberattack-targets/

itman · Jul 25, 2017

Pointed out in a comment to the above article is if you're not by now monitoring outbound SMB port traffic or better yet restricting it to your local network, you deserve to get nailed by this attack. Also, don't believe this one is using SMBv1 exploit but rather SMBv2+ for communication.

Log in or Sign up

New Form of Cyber-Attack Targets Energy Sector

itman Registered Member

itman Registered Member

Log in or Sign up

New Form of Cyber-Attack Targets Energy Sector

itman Registered Member

itman Registered Member

Useful Searches