The US government, specifically the FBI and the Department of Homeland Security, has warned energy firms about the increasing number of cyber-threats in 2017.
In September 2017, a wave of cyber-attacks by the Dragonfly hacking group against energy facilities in Europe and North America was reported; the targeted sectors included nuclear, energy, aviation, water and critical manufacturing.
The group has been conducting attacks since at least 2011. The power outages in Ukraine in 2015 and 2016, which cut electricity to hundreds of thousands of people in Ukraine, showed that intrusions into energy networks can be turned into physical disruption. The overlaps in tooling and targeting that link the earlier Dragonfly campaign to the recent one are summarised below:

| Feature | Dragonfly (2013-2014) | Dragonfly 2.0 (2015-2017) | Link strength |
|---|---|---|---|
| Trojan.Heriplor (Oldrea stage II) | Yes | Yes | Strong |
| Trojan.Listrix (Karagany stage II) | Yes | Yes | Medium-Strong |
| "Western" energy sector targeted | Yes | Yes | Medium |
| Strategic website compromises | Yes | Yes | Weak |
The most recent wave of attacks, which intensified in 2017, was dubbed "Dragonfly 2.0" to mark the group's change in tactics and targeting.
Security companies remain concerned about Dragonfly because the networks of energy facilities, and the industrial control systems behind them, are typically less well defended than the infrastructure of companies in other sectors.
The FBI's most recent warning did not name a particular group. Although there is evidence pointing to the Dragonfly group's involvement, other cyber-security firms suggest that several hacking groups are entangled in the activity. Dragonfly nonetheless remains the most likely subject of the FBI's warning.
The Dragonfly group is also known as Energetic Bear or Berserk Bear. There is evidence that the group operates from Russia, and its targeting suggests an interest in gaining the ability to disrupt major US operations.
Hacking groups find the network infrastructure of energy firms an easy target for several reasons. The most common is the absence of basic security measures: no redundancy in the network, no segmentation between corporate and control networks, no firewall at the boundary, no deep packet inspection of the traffic that does cross it, insecure remote connections, security components that do not work together, and no sufficient cyber-security programme to tie them together.
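To make the segmentation and firewall points concrete, here is an added example of an nftables ruleset for a firewall sitting on the boundary between a corporate (IT) network and a control (OT) network. It is not taken from the original page or from any affected operator; the addresses, the jump host, the engineering workstations and the historian are all assumed for illustration. A flat network corresponds to having no such boundary at all (or a `policy accept` on the forward chain); the ruleset below defaults to deny and only opens the handful of flows that are actually needed.

```nft
# Added example, not from the original page. Assumed addressing:
#   corporate LAN            10.10.0.0/16
#   hardened jump host       10.10.5.10   (corporate side)
#   corporate historian copy 10.10.20.5
#   control (OT) VLAN        192.168.100.0/24
#   engineering workstations 192.168.100.10, 192.168.100.11
#   OT historian             192.168.100.20
flush ruleset

table inet ot_boundary {
    # The only OT hosts that anything on the corporate side may ever reach.
    set ot_engineering {
        type ipv4_addr
        elements = { 192.168.100.10, 192.168.100.11 }
    }

    chain forward {
        # Weak setting would be "policy accept" (a flat network with a
        # firewall that forwards everything). Default deny instead.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Industrial protocols (Modbus/TCP 502, S7comm 102) never enter OT
        # from the corporate side, whatever the source host.
        ip saddr 10.10.0.0/16 ip daddr 192.168.100.0/24 \
            tcp dport { 102, 502 } log prefix "OT-PROTO-FROM-IT " drop

        # Remote access into OT only from the jump host, only to the
        # engineering workstations, only over SSH or RDP.
        ip saddr 10.10.5.10 ip daddr @ot_engineering \
            tcp dport { 22, 3389 } accept

        # Process data leaves OT in one direction: the OT historian may
        # push to its corporate mirror and nothing else.
        ip saddr 192.168.100.20 ip daddr 10.10.20.5 tcp dport 5432 accept

        # Everything else crossing the boundary is logged and dropped, so
        # a compromised corporate workstation probing OT shows up in logs.
        log prefix "OT-BOUNDARY-DROP " drop
    }
}
```

Load it with `nft -f <file>` on the boundary host. Note what this does and does not give you: it enforces which hosts can reach which protocol ports, which is the segmentation the paragraph says is missing, but it does not inspect the Modbus or S7 payloads themselves; restricting, say, which Modbus function codes the jump host may issue requires a protocol-aware (deep packet inspection) device in the same position.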
Furthermore, an attack on an energy firm can directly affect thousands of people. These groups are most probably not profit-driven, since infiltrating and disrupting energy infrastructure yields little or no financial return. Because such operations are costly and require skilled manpower, carrying them out purely for disruption and destruction, with no prospect of profit, can reasonably be assumed to be the work of terrorist groups or of threat actors sponsored by hostile nations. Intrusions of this kind are a form of covert pressure that can be used at any moment to unsettle a nation's stability.