A massive attack by cyber criminals is currently affecting around 500 industrial companies across 50 countries, according to security experts at Kaspersky.
What looks like a globally co-ordinated “spear phishing” dodgy email campaign is mostly targeting companies in the electrical power generation and transmission, construction and engineering industries.
Kaspersky says the attack takes the form of emails which look legitimate and appear to be sent from reputable companies, such as DHL and Saudi Aramco – they have the related domain names in the sender’s email address.
However, Kaspersky says the emails are actually being sent by cyber crimbos who have somehow managed to get valid email addresses and, crucially, hijacked the sender’s valid sending mechanism.
Most of the emails were sent from “legitimate email addresses belonging to valid organizations”, says Kaspersky.
The company says the hackers could have accessed and read previous communications between the target and their partners. They may then have used this information to craft email communications which appear to be legitimate, so that the victim didn’t recognize the malicious aspect of the email.
Kaspersky says its analysis of the emails compared to known malware shows that “no new code was written specifically for this attack”.
But if the email is opened, it can steal the user’s authentication credentials, which are then sent to a remote server.
Kaspersky says the cyber attack began in August 2016 and is currently ongoing.