13th September 2017 | By Rick Stouffer, Editor, Kallanish Energy
With the 16th anniversary of 9/11 recently past, attacks on U.S. soil are never totally out of mind. The federal Department of Homeland Security was established to keep U.S. soil safe.
While a number of potential attacks have been squashed according to federal authorities, in the last 16 years, the world’s warm embrace for everything electronic has brought with it the potential for another attack on the U.S. that doesn’t include airplanes, guns, bullets, or hijackings.
A ‘Dragonfly’ bites
The power grid and power plants, which keep electricity flowing when it is needed, appear to be a perfect place to attack America. Knock out some key transmission lines or power plants, and the country would come to a halt.
The scary part is, the attacks have been occurring, using something as innocuous as a “Dragonfly.”
Security firm Symantec is warning a series of recent cyber attacks not only compromised energy companies in the U.S. and Europe, but also resulted in the invaders gaining hands-on access to power grid operations — enough control to have caused blackouts on American soil if desired.
Symantec has revealed new attacks by a group it calls “Dragonfly 2.0,” which it says targeted dozens of energy companies since January. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks, Kallanish Energy reports.
Gaining ‘operational access’
A handful of U.S. power firms and at least one company in Turkey, none of which Symantec will name, said their forensic analysis found the hackers obtained what’s called operational access: control of the interfaces power company engineers use to send actual commands to equipment like circuit breakers, giving them the ability to stop the flow of power into homes and businesses.
Disruptions to Ukraine’s power grid in 2015 and 2016 were attributed to a cyber attack and led to power outages affecting hundreds of thousands of people.
Dragonfly appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent the group now has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.
“There’s a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage … being able to flip the switch on power generation,” Eric Chien, a Symantec security analyst, told Wired magazine. “We’re now talking about on-the-ground technical evidence this could happen in the U.S., and there’s nothing left standing in the way except the motivation of some actor out in the world.”
Never before have hackers been shown to have that level of control of American power company systems, Chien said.
Security firms have blamed the Ukrainian attacks on a hacker group known as Sandworm, believed to be based in Russia.
Chien said his company has found no connection between Sandworm and the hacks it has tracked. Nor has it directly connected the Dragonfly 2.0 campaign to the string of hacker intrusions at U.S. power companies — including a Kansas nuclear facility — known as Palmetto Fusion, which unnamed officials revealed in July, and later tied to Russia, Wired reported.
Some power plants more vulnerable
While the Palmetto Fusion intrusions included a breach of a nuclear power plant, the most serious Dragonfly hacks Symantec tracked penetrated only non-nuclear energy companies, which have less strict separations of their internet-connected information technology networks and operational controls.
The Dragonfly 2.0 attacks are traced back to at least December of 2015, but they ramped up significantly in the first half of 2017, particularly in the U.S., Turkey, and Switzerland.
Symantec’s analysis of those breaches found they began either with e-mails that tricked victims into opening a malicious attachment (the earliest found was a fake invitation to a New Year’s Eve party) or with so-called watering hole attacks, which compromise a website commonly visited by targets in order to infect victims’ computers.
Those attacks were designed to gather credentials from victims and gain remote access to their machines.
Screenshots
And in the most successful of those cases, including several instances in the U.S. and one in Turkey, the attackers penetrated deep enough to screenshot the actual control panels for their targets’ grid operations — what Symantec believes was a final step in positioning themselves to sabotage those systems at will.
And if those hackers did gain the ability to cause a blackout in the U.S., why did they stop short? Chien said they may have been seeking the option to cause an electric disruption, but waiting for the opportune time — if an armed conflict broke out, or potentially to issue a well-timed threat that would deter the U.S. from using its own hacking capabilities against another foreign nation’s infrastructure.