Scary New Social Engineering Attack Turns Off Your Power


It seems like it’s time to get thinking about generators and a few thousand-gallon drums of fuel to keep your data center up and running – which you should really have done anyway as part of your Disaster Recovery plans. One can never be too cautious where critical business data is concerned.

But now, there is a whole new reason to add an alternative power source to your plans. A new attack vector that bypasses all of your software defenses has been discovered by Israeli cybersecurity company Cyberint. At the moment, the bad guys are targeting US and UK energy companies, which could cause power cuts and potentially cost lives. But this tactic could very easily be used against anyone, at any time.

Here’s how it plays out: A “honey-doc” masquerades as a resume attached to a harmless email. Both the email and the attachment are totally clean and contain no malicious code whatsoever. That’s what makes them undetectable to any kind of incoming email filter, and allows them to wind up in your inbox.

However, the Word doc is weaponized with a template reference that, when the document is loaded, connects to the attacker’s server via Server Message Block (SMB) and downloads a Word template which has an extremely well-hidden malicious payload. That connection also provides the attacker with the victim’s credentials, which can then be used for a number of nefarious purposes, such as to acquire sensitive information, infiltrate the network, or control systems used by the targeted employee. Or all of the above.

The campaign appears to have started in May, and as it’s targeted at infrastructure control systems of US and UK energy companies, it’s not too hard to guess who is likely behind it. So for the moment, these particular cybercriminals seem to be acting with a specific purpose in mind.

The problem is that once this type of attack is out there in the wild (remember Stuxnet?), all kinds of bad guys eventually get their hands on it. It can easily get picked up and shared amongst the criminally-inclined and repurposed to suit their own wants and needs. To protect against this type of attack, you’ll want to put your employees through new-school security awareness training so that they don’t fall for social engineering tactics like this.

