Better think about stocking up on fuel and dusting off that generator.
A new attack vector that bypasses most software defenses has been discovered by the Israeli cybersecurity company Cyberint. At the moment, criminals are targeting US and UK energy companies and, if successful, will cause power outages and could cost lives. However, the infiltration strategy could be used against any organization that uses email.
How it works:
A “lure” masquerades as a resume attached to a harmless email. Both email and attachment are totally clean and contain no malicious code whatsoever. That’s what makes them undetectable to any kind of incoming email filter. However, the Word doc **is weaponized** with a template reference that, when the document is loaded, connects to the attacker’s server via Server Message Block and downloads a Word template which has an extremely well-hidden malicious payload that is designed to hijack energy grid control systems.
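A defender can check a suspicious attachment for this kind of template reference without opening it in Word. The following is an added example, not code from Cyberint or from the original post. It assumes the lure is a .docx (Office Open XML) file, where the attached template is recorded as an `attachedTemplate` relationship, normally in `word/_rels/settings.xml.rels`. The function names, sample file names and the 192.0.2.10 address are constructed placeholders.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                 "relationships/attachedTemplate")
# Remote targets: UNC (\\host or //host, optionally behind file:///),
# file://host/..., and http(s). A local file:///C:/... path does not match.
REMOTE = re.compile(
    r"^(?:(?:file:///)?(?:\\\\|//)[^\\/]|file://[^/]|https?://)", re.IGNORECASE)


def find_remote_templates(docx_bytes):
    """Return the Target of every attachedTemplate relationship that is remote."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(z.read(name))
            except ET.ParseError:
                continue  # malformed part: nothing to inspect here
            for rel in root.iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                if rel.get("Type") == TEMPLATE_TYPE and REMOTE.match(target):
                    hits.append(target)
    return hits


def build_sample(target):
    """Constructed test input: a zip holding only word/_rels/settings.xml.rels."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{TEMPLATE_TYPE}" '
        f'Target="{target}" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed samples; 192.0.2.10 is a documentation-range placeholder address.
REMOTE_DOC = build_sample("file://192.0.2.10/share/Template.dotm")
LOCAL_DOC = build_sample("file:///C:/Templates/Normal.dotm")

if __name__ == "__main__":
    print(find_remote_templates(REMOTE_DOC))
    print(find_remote_templates(LOCAL_DOC))
```

A hit means the document will try to fetch its template from another host when opened, which is the behaviour described above; blocking outbound SMB at the network perimeter stops that fetch regardless of what the mail filter saw.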
Attacks targeting energy companies’ control systems and infrastructure are becoming an alarming issue worldwide, from the infamous Stuxnet malware discovered in 2010, designed to wreak havoc in Iran’s SCADA systems, to the year-long campaign against Israel Electric Company. Nuclear facilities around the world are also being infected with malware. This is in addition to the long-running campaign targeting Ukraine, which caused widespread power outages in 2015 and 2016.
We recommend that organizations that service or support critical infrastructure run regular security audits, have a current business continuity (BC) plan in place, and practice good IT hygiene to minimize cybertosis.
Stay safe out there.