Interesting People mailing list archives

Hackers attacking US and European energy firms could sabotage power grids


From: "Dave Farber" <farber () gmail com>
Date: Wed, 6 Sep 2017 08:58:16 -0400

So what else is new!! Dave


Begin forwarded message:

From: Dewayne Hendricks <dewayne () warpspeed com>
Date: September 6, 2017 at 8:40:47 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] Hackers attacking US and European energy firms could sabotage power grids
Reply-To: dewayne-net () warpspeed com

Hackers attacking US and European energy firms could sabotage power grids
Cybersecurity firm Symantec says ‘Dragonfly’ group has been investigating and penetrating energy facilities in US, 
Turkey and Switzerland
By Alex Hern
Sep 6 2017
<https://www.theguardian.com/technology/2017/sep/06/hackers-attacking-power-grids-in-us-and-europe-have-potential-to-sabotage>

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, 
a cybersecurity firm has warned.

The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 
2014 after it was first exposed, secretly placing backdoors in the industrial control systems of power plants across 
the US and Europe.

Now, Symantec reports, the group has resumed operations, apparently working since late 2015 to investigate and 
penetrate energy facilities in at least three countries: the US, Turkey and Switzerland.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access 
to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain 
control of these systems should it decide to do so,” the cybersecurity firm warns.

Dragonfly’s methods are varied, but all its attacks seem to be focused on researching the inner workings of energy 
firms. It has been seen sending malicious emails with attachments that leak internal network credentials, which are 
then used to install backdoors on the network allowing the hackers to take control of computers and systems. They’ve 
also been seen seeding fake Flash updates to install the backdoors and carrying out “watering hole” attacks, hacking 
third-party websites that were likely to be visited by people working in the energy sector.

Currently, the group appears to be solely in information-gathering mode, but Symantec warns that a quiet beginning is 
often a prelude to deliberate attempts at sabotage. The latest campaigns “show how the attackers may be entering into 
a new phase,” Symantec says, “with recent campaigns potentially providing them with access to operational systems, 
access that could be used for more disruptive purposes in future.”

The researchers are unable to determine who is behind the Dragonfly campaign: some of the code is in Russian, but 
some is in French, “which indicates that one of these languages may be a false flag.

“Conflicting evidence and what appear to be attempts at misattribution make it difficult to definitively state where 
this attack group is based or who is behind it,” the report concludes.

Attacks on the energy sector have been increasing in frequency and damage in recent years, with Ukraine in particular 
being at the receiving end of multiple successful strikes. A blackout in west Ukraine in 2015 was caused by a group 
called Sandworm, while a second attack took out power in the nation’s capital, Kiev, in late 2016.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp




