More than 1,000 energy companies in Europe and North America have been compromised by an Eastern European hacking collective, according to security company Symantec.
The latest cyber espionage campaign was aimed at energy grid operators and industrial equipment suppliers, said Symantec.
Eighty-four countries were affected, with most of the targets in the US, Spain, France, Italy, Germany, Turkey and Poland.
“This attack makes clear the truth that many enterprises are breached but are unaware,” said Steve Hultquist, CIO at RedSeal Networks.
“It also makes it evident that even the most well-defended networks are subject to attack through human error and limited visibility.”
Defence best practice
Hultquist said the attacks show effective defences include not just perimeter efforts, but multilayered security zoning with ongoing automated analysis of the implementation of those zones, to be sure the network reflects best practice.
“Being able to clearly see your network, its defences and the possible paths through it are a critical aspect of your enterprise defense efforts,” he said.
Symantec said the group, known as Dragonfly, had used a variety of techniques to compromise computers, to give it the “capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries”.
Dragonfly used Trojan malware Backdoor.Oldrea to gather system information, including the computers' Outlook address book and a list of files and programs installed; and Trojan.Karagany to upload stolen data, download new files and run them on infected computers.
Symantec said Dragonfly "bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability".
Industrial control systems
Targeted attacks on industrial control systems (ICS) are the biggest threat to critical national infrastructure and take place on a regular basis, according to security company Kaspersky Lab.
Researchers at Kaspersky Lab expect ICS attacks to increase, because industrial networks offer an easier way in to the more heavily protected corporate IT systems.
Eric Chiu, president and co-founder of cloud security firm HyTrust, said cyber attacks are on the rise – from nation-sponsored attacks and industrial espionage to cyber criminals out to steal personal data.
“Nobody – corporations, government agencies or energy companies – is immune, and security needs to be a top priority, rather than an afterthought or insurance plan,” he said.
Chiu said attackers are getting more sophisticated in how they steal credentials and gain access to corporate networks.
“Given this trend, all companies and government organisations should protect their data and networks from the inside-out, assuming the bad guy is already on the network,” he said.
“With that assumption in mind, critical systems should be protected using access controls, role-based monitoring and data encryption,” Chiu added.