According to a new report from US security firm Symantec, more than 1000 energy companies in North America and Europe have been targeted in a large malware attack.
The main targets were energy grid operators, petroleum pipeline operators, electricity generation firms and industrial equipment providers for the energy sector in eighty-four countries. The majority of the victims were located in the US, Spain, France, Italy, Germany, Turkey and Poland.
The hackers are believed to be part of the Eastern European collective known as ‘Dragonfly’. Symantec said: ‘Its primary goal appears to be espionage’.
The security firm also said: Dragonfly ‘bears the hallmarks of a state sponsored operation, displaying a high degree of technical capability’.
Independent computer security analyst Graham Cluley told the BBC: “There is no doubt that we have entered a new era of cybercrime, where countries are not just fighting the threat, but are also exploiting the internet for their own interests using the same techniques as criminals”.
In its report, Symantec said Dragonfly had accessed computers using a variety of techniques, including attaching malware to third-party programs and emails. The group also infected websites frequented by energy workers in what is known as a 'watering hole' attack. In this attack, instead of targeting a victim's computer network directly, hackers plant malware on websites their targets visit on a regular basis. Workers visiting such a site then inadvertently download the infected software.
Rob Cotton, CEO at global information assurance firm NCC Group, acknowledged the sophistication of the attack. “The way Dragonfly targeted the companies in question was, while not groundbreaking, interesting and concerted. It appears that they clearly mapped out their intended plan of attack”.
However, Cotton went on to say: “The increasing frequency of these attacks, whilst concerning, should not be a cause for alarm for the average consumer – yet. Government departments such as the CPNI (Centre for the Protection of National Infrastructure) provide sound advice to all key components of society, ensuring the lights stay on and similar core services and functions critical to our way of life are available”.
Kevin Haley, the director of security response at Symantec, additionally emphasised that there is no evidence that the group intended to inflict damage on the networks to which it had gained access. The apparent motive was to learn more about energy companies' operations, strategic plans and technology. Despite this, "the potential for sabotage is there", he added.
Edited from various sources by Emma McAleavey
Read the article online at: https://www.oilfieldtechnology.com/exploration/02072014/cyber_espionage_group_attacks_energy_firms_830/