Spying energy grids to attack


If there’s any consolation, it’s that companies can shut down individual attacks, and that Symantec has already let affected companies and security response centers know what’s happening. They first focused on aviation and defense agencies around 2011, and switched to power-related companies in early 2013; also, the suppliers under attack are smaller and less secure than the energy providers they’re serving. Most of the attacks occur on weekdays between 9AM and 6PM Eastern European time, and they’re primarily hitting Western European targets.Cyberwarfare campaigns against Western energy grids aren’t just the stuff of action movies these days — they’re very, very real. However, it still creates a back door that leaves companies vulnerable to full-fledged attacks if they don’t spot the intrusions; it wouldn’t take much to create real problems.


Unlike targeted, destruction-focused malware like Stuxnet, this appears to be a broader spying effort bent on collecting information about national infrastructure. They “think strategically,” too. Symantec has discovered a likely state-sponsored hacking group, nicknamed Dragonfly, that has been using phishing sites and trojans to compromise energy suppliers in the US and several other countries. Let’s just hope that the revelations get firms to tighten their security before there’s some major damage.

Image credit: Bjorn Kindler/Getty. Symantec hasn’t tracked down those behind Dragonfly, but it has plenty of evidence that they’re professionals. What you think?