Core systems of the U.S.’s power grid have been compromised by hackers outside the country, according to a leading infrastructure security firm. The news has officials rushing to find companies able to provide a solution to the biggest threat critical U.S. infrastructure has ever faced.
Warnings of a potentially catastrophic hack emerged via the security firm Symantec earlier this year, when its analysts noticed that a string of malware attacks on energy providers, which began as a trickle back in 2015, increased drastically around April.
In the months since, the frequency and intensity of the attacks have increased.
The energy sector has become an area of increased interest to cyber attackers over the past two years. Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyber attack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the U.S. being compromised by hackers.
The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.
Symantec has strong indications of attacker activity in organizations in the U.S., Turkey, and Switzerland, with traces of activity in organizations outside of these countries. The U.S. and Turkey were also among the countries targeted by Dragonfly in its earlier campaign, though the focus on organizations in Turkey does appear to have increased dramatically in this more recent campaign.
As it did in its prior campaign between 2011 and 2014, Dragonfly 2.0 uses a variety of infection vectors in an effort to gain access to a victim’s network, including malicious emails, watering hole attacks, and Trojanized software.
The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015.
The group conducted further targeted malicious email campaigns during 2016 and into 2017. The emails contained very specific content related to the energy sector, as well as some related to general business concerns. Once opened, the attached malicious document would attempt to leak victims’ network credentials to a server outside of the targeted organization.
According to a Government Accountability Office report out last year, around 24,000 substations and 430,000 miles of transmission cables are vulnerable to catastrophic failure wrought by the actions of bad actors. That includes the possibility of targeted cyber-attacks on the 700 large power transformers throughout the nation. According to the GAO, a hacker acting alone or on behalf of a terrorist organization could cause transformer failure and mass power outages with little more than a laptop.
In response to growing threat indicators, President Trump signed an executive order to strengthen the cybersecurity defenses of federal networks and critical infrastructure.
The order specifically requires government to work with public corporations to mitigate risks and help defend critical infrastructure organizations “at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”
The order, along with reports like the latest from Symantec, is creating a massive boom in a new tech sector working to create solutions to strengthen the nation’s critical infrastructure against outside attacks. We recently prepared a thorough report on three companies making big news in the industry as they mount a defense to the biggest threat that almost no one outside of the infrastructure industry seems to want to talk about. Follow this link to learn more.