New Social Engineering Attack Turns Off Your Power

Aug 23, 2017

OK, better get thinking about generators and 1,000 gallon drums of fuel to keep your data center up and running (which you should have done anyway for your disaster recovery plans...)

A new attack vector that bypasses all your software defenses has been discovered by Israeli cybersecurity company Cyberint. At the moment, the bad guys are only targeting US and UK energy companies, where a successful attack could cause power cuts and even cost lives, but this tactic could be used against anyone.

Here is how it plays out. A "honey-doc" masquerades as a resume attached to a harmless email. Both email and attachment are totally clean and contain no malicious code whatsoever. That's what makes them undetectable to any kind of incoming email filter.

However, the Word doc *is* weaponized with a template reference that, when the document is loaded, connects to the attacker’s server via Server Message Block (SMB) and downloads a Word template which has an extremely well-hidden malicious payload.

The connection to the SMB server also provides the attacker with the victim’s credentials, which can then be used to acquire sensitive information and/or infiltrate the network and/or control systems used by the targeted employee.
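A defender can check for this pattern before a document is opened. The following is an added example, not code from the original post or from Cyberint: it reads the relationship parts inside a .docx and reports any attached template that points at a remote host. The function names, the sample host `files.example.invalid` and the sample documents are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Remote targets: UNC paths, smb://, http(s)://, or file:// naming a host.
# file:///C:\... is a local template path and is deliberately not matched.
REMOTE = re.compile(r"^(\\\\|//|smb://|https?://|file://(?!/[A-Za-z]:))", re.I)

def external_templates(docx_bytes):
    """Return (part, target) for each attached template hosted on a remote server."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                target = rel.get("Target", "")
                if (rel.get("Type", "").endswith("/attachedTemplate")
                        and rel.get("TargetMode") == "External"
                        and REMOTE.match(target)):
                    hits.append((name, target))
    return hits

def build_sample(target, mode):
    """Constructed test input: a ZIP holding only the settings relationships part."""
    mode_attr = f' TargetMode="{mode}"' if mode else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
        f'Target="{target}"{mode_attr}/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "remote template": build_sample("file://\\\\files.example.invalid\\share\\resume.dotm", "External"),
        "local template": build_sample("file:///C:\\Templates\\Normal.dotm", "External"),
    }
    for label, data in samples.items():
        print(label, external_templates(data))
```

When running this over untrusted mail at volume, use a hardened XML parser and cap the decompressed size of each archive member.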

The campaign appears to have started in May, and as it is targeted at infrastructure control systems of US and UK energy companies, it's not too hard to guess who is behind it.

The problem is that once this type of attack is out there in the wild, all kinds of bad guys get their hands on it. To protect against this type of attack, you want to step your employees through new-school security awareness training so that they do not fall for social engineering tactics like this.
