Everyone has seen this movie before: a group of highly trained hackers tries to take over the world by attacking the one resource none of us can live without, our electricity, and in the end the hero arrives at the last second to save the day. The problem is that this time it is not a movie, and no one is sure a hero will show up at the last second. According to a recent report by Symantec, a group has breached several energy companies and has been lying in wait since 2015. This group of hackers, dubbed the Dragonfly group, has infiltrated several energy companies in Europe and the US, and no one is sure what they plan to do next.
The energy sector has always been an area of interest for people looking to cause chaos, but over the last few years that interest has increased dramatically. The most notable incident was the disruption in Ukraine back in 2015-2016, where a cyberattack led to power outages affecting hundreds of thousands of people. In the last few months there have been numerous reports of attempted attacks on energy companies in Europe and of nuclear companies in the US being breached. Every day it seems as if someone is trying to find a way to turn out the lights on everyone.
For now, the Dragonfly group only appears to be researching energy companies: finding ways to gain access to an energy facility's network, learning how it operates and how to reach the operational systems. They have even gone as far as taking screenshots and naming the files so they can better understand what each screen grab shows.
One looming question is how they gained access to these energy companies. It has been reported that malicious emails carried attachments that leak internal network credentials; those credentials are then used to install backdoors on the network, allowing the hackers to take control of the computers and the network. Another method seen in use is sending fake Flash updates in the hope that someone clicks on the update, resulting in a backdoor being installed. The hackers have also employed a trick known as a "watering hole", where they compromise a third-party website that energy employees are very likely to visit and plant fake buttons that gain them the access they desire.
However, the largest question looming over all of this is what the end game is. So far, nothing beyond research has been observed. Experts are also not exactly sure who is behind this: code containing both French and Russian has been discovered, but no one is sure whether that was done to throw people off the true scent. One thing is certain: the people behind this are highly trained and are experts at their craft.
Here are some best practices to make sure your organization is as secured as it possibly can be:
- Password usage. Make sure employees are using passwords that are tough to crack, such as ones combining upper- and lower-case letters, numbers and special characters. Also make sure they are not reusing passwords and, most importantly, are not sharing their password with anyone.
- Utilize multiple, overlapping and mutually supportive defense systems to guard against single point of failures.
- Encrypt all sensitive data, both at rest and in transit.
- Implement SMB egress traffic filtering on perimeter devices to prevent SMB traffic leaving your network onto the internet.
- Provide employee security education and training.
- Understand the tools, techniques and procedures used by attackers.
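The SMB egress-filtering recommendation above is easy to state but worth verifying. The following is an added example (not code from the original post or from Symantec) that audits a constructed connection log for SMB and NetBIOS flows leaving the internal network for external addresses, which is exactly the traffic a perimeter egress rule should be dropping, and emits matching nftables rules. The log format, the `eth0` interface name and the RFC 1918 definition of "internal" are assumptions; adapt them to your own environment.

```python
"""Audit connection logs for outbound SMB/NetBIOS traffic and emit perimeter rules.

Added example, not part of the original post. Assumes a simple flow log of the form
"<timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>" (assumed format).
"""
import ipaddress
from dataclasses import dataclass

# Ports used by SMB and NetBIOS. None of these should ever leave the perimeter.
SMB_PORTS = {
    ("tcp", 445): "SMB",
    ("tcp", 139): "NetBIOS session",
    ("udp", 137): "NetBIOS name",
    ("udp", 138): "NetBIOS datagram",
}

# "Internal" is defined here as RFC 1918 space plus loopback (assumption;
# replace with your organisation's actual address plan).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


@dataclass
class Flow:
    timestamp: str
    proto: str
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one log line in the assumed format into a Flow."""
    ts, proto, src, _arrow, dst = line.split()
    src_ip, _src_port = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(ts, proto.lower(), src_ip, dst_ip, int(dport))


def is_internal(addr: str) -> bool:
    """True if the address falls inside one of INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def smb_egress_violations(lines):
    """Return (flow, service) for each SMB/NetBIOS flow from an internal host to an external host.

    These are the flows a perimeter egress filter should have dropped; seeing any in
    the log means either the filter is missing or a host is trying to reach an
    external SMB server, which is worth investigating.
    """
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        service = SMB_PORTS.get((flow.proto, flow.dport))
        if service and is_internal(flow.src) and not is_internal(flow.dst):
            hits.append((flow, service))
    return hits


def nft_egress_rules(wan_if: str = "eth0"):
    """nftables rules that drop, on the WAN-facing interface, the flows reported above.

    Assumes an existing 'inet filter' table with a 'forward' chain (assumption).
    """
    return [
        f'add rule inet filter forward oifname "{wan_if}" {proto} dport {port} drop '
        f'comment "block outbound {service}"'
        for (proto, port), service in SMB_PORTS.items()
    ]


# Constructed sample log: two internal SMB flows, two outbound SMB/NetBIOS
# flows to external hosts, and one ordinary outbound HTTPS flow.
SAMPLE_LOG = """\
2017-09-06T10:14:02Z tcp 10.20.30.41:51234 -> 10.20.30.5:445
2017-09-06T10:14:09Z tcp 10.20.30.41:51240 -> 203.0.113.77:445
2017-09-06T10:15:11Z udp 10.20.30.42:137 -> 198.51.100.9:137
2017-09-06T10:16:00Z tcp 10.20.30.42:51301 -> 203.0.113.77:443
2017-09-06T10:17:45Z tcp 10.20.30.43:51400 -> 192.168.1.10:139
""".splitlines()


if __name__ == "__main__":
    for flow, service in smb_egress_violations(SAMPLE_LOG):
        print(f"{flow.timestamp} {flow.src} -> {flow.dst}:{flow.dport} ({service}) left the network")
    print("Perimeter rules to apply:")
    for rule in nft_egress_rules():
        print("  nft", rule)
```

Run against the sample log it reports the two flows to 203.0.113.77:445 and 198.51.100.9:137 and leaves the internal file-share traffic and the HTTPS connection alone. Feeding it real firewall or NetFlow exports after the rules are in place is a cheap way to confirm the filter actually holds.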