Ken Spinner, VP of Field Engineering at Varonis comments:
“It’s significant — and startling — that the attacks being attributed to Dragonfly 2.0 began with spearphishing emails enticing victims to open a malicious attachment. But it’s not surprising. The notion that there may be nation-state or rogue actors who have been resident in the networks of nuclear facilities, electrical grids, and dams isn’t far-fetched. Energy companies should operate under the premise that they have already been hacked and that dormant APTs are lurking in their environment.
The idea that an employee at one of these facilities can open the door to an attack that brings down our power grid simply by clicking on a phishing attempt is a loud wake-up call. Companies in critical sectors must provide the necessary resources to find and address the serious threats posed by these types of attacks. This, in conjunction with air-gapped networks and proper security controls, is required at a minimum.
Many of these infrastructure providers are relying on outdated security systems with limited detection capabilities. The concern over state-sponsored hackers using malware to attack critical infrastructure is no longer theoretical. We got a glimpse of what’s possible when Ukraine’s power grid was partially disrupted in 2015 and again in 2016.
Unlike ransomware, which needs to be detected eventually (so victims can pay the ransom), APTs will try to remain undetected as long as possible to do the most damage. Attackers will often establish numerous footholds within a network and attempt to remain undetected while mapping systems and locating key documents, emails, and user accounts.
We’ve seen malware impact energy systems dating as far back as 2003, when the Microsoft SQL Server worm, Slammer, infected an Ohio-based nuclear power plant network, causing a temporary outage. The key difference today is that attackers are equipped with far more sophisticated malware that is designed specifically to infiltrate and damage things like electricity substation switches and circuit breakers.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.