July 7, 2014
An alert from software giant Symantec on Monday announced an “ongoing campaign” by Russia-based cyber-terrorists who have changed their focus from espionage to sabotage. Their primary targets are energy companies using oil and natural gas to provide electrical power to the national grid.
The infections are so powerful that not only can they disrupt internal messaging and controls but they can also disrupt the operations of the physical power plants and pipelines, according to Symantec:
An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims
The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and … could have caused damage or disruption to energy supplies in [the] affected countries.
The attacks emanating from Russia target not only the United States but Spain, France, Italy, Germany, Turkey, and Poland, but they are focused primarily on the United States and Spain.
Symantec said that Dragonfly is no small group of weekend hackers, either: "The Dragonfly group is technically adept and able to think strategically … the group found a “soft underbelly” … invariably smaller, less protected companies."
According to Symantec, this is a government-sponsored operation: "The Dragonfly group is well-resourced with a range of malware tools at its disposal and is capable of launching attacks through a number of different [malware protocols]."
Eric Chien, the chief researcher for Symantec, is frightened over the implications of its discoveries: "When they do have that type of access, that motivation wouldn’t be [just] for espionage. When we look at where they’re at, we’re very concerned about sabotage."
Dragonfly has already had success in infecting “industrial control systems” (ICS) equipment providers by using “software with a remote access type Trojan.” Once installed, the software handed off control of physical plant operations to the saboteurs in Russia:
[The Trojan] caused companies to install the malware when downloading software updates [to their] computers running ICS equipment.
These infections not only gave the attackers a beachhead in the targeted organizations’ networks but also gave them the means to mount sabotage operations.
In trying to decipher the attacks for laymen reading their chilling report, it compared the Trojan malware to Stuxnet, the computer worm that targeted Iran’s nuclear power plant’s fast-spinning centrifuges. It resulted in nearly one-fifth of Iran’s nuclear centrifuges spinning out of control, destroying themselves as a result. The big difference is that Stuxnet was focused on a very narrow target, while the latest expansion now targets entire power grids across the country and around the world.
No comments:
Post a Comment