Symantec exposes hackers targeting power grids

More than 1,000 energy companies have been compromised by an Eastern European hacking collective, says Symantec

More than 1,000 energy companies in Europe and North America have been compromised by an Eastern European hacking collective, according to security company Symantec.

Since 2013, the group known as Dragonfly has been targeting organisations that use industrial control systems (ICS) to manage electrical, water, oil, gas and data systems, reports the BBC.

The latest cyber espionage campaign was aimed at energy grid operators and industrial equipment suppliers, said Symantec.

Eighty-four countries were affected, with most of the targets in the US, Spain, France, Italy, Germany, Turkey and Poland.

“This attack makes clear the truth that many enterprises are breached but are unaware,” said Steve Hultquist, CIO at RedSeal Networks.

“It also makes it evident that even the most well-defended networks are subject to attack through human error and limited visibility.”

Defence best practice

Hultquist said the attacks show effective defences include not just perimeter efforts, but multilayered security zoning with ongoing automated analysis of the implementation of those zones, to be sure the network reflects best practice.

“Being able to clearly see your network, its defences and the possible paths through it are a critical aspect of your enterprise defense efforts,” he said.

Symantec said Dragonfly had used a variety of techniques to compromise computers, to give it the “capability to mount sabotage operations that could have disrupted energy supplies across a number of European countries”.

Dragonfly used Trojan malware Backdoor.Oldrea to gather system information, including the computers' Outlook address book and a list of files and programs installed; and Trojan.Karagany to upload stolen data, download new files and run them on infected computers.

Symantec said Dragonfly "bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability".

Industrial control systems

Targeted attacks on industrial control systems (ICS) are the biggest threat to critical national infrastructure and take place on a regular basis, according to security company Kaspersky Lab.

Researchers at Kaspersky Lab expect ICS attacks to increase, because industrial networks offer an easier way in to the more heavily protected corporate IT systems.

Eric Chiu, president and co-founder of cloud security firm HyTrust, said cyber attacks are on the rise – from nation-sponsored attacks and industrial espionage to cyber criminals out to steal personal data.

“Nobody – corporations, government agencies or energy companies – is immune, and security needs to be a top priority, rather than an afterthought or insurance plan,” he said.

Chiu said attackers are getting more sophisticated in how they steal credentials and gain access to corporate networks.

“Given this trend, all companies and government organisations should protect their data and networks from the inside-out, assuming the bad guy is already on the network,” he said.

“With that assumption in mind, critical systems should be protected using access controls, role-based monitoring and data encryption,” Chiu added.
