When you hear of the “prime target” in cyberattacks, one reoccurring scenario that comes to attention is America’s infrastructure. Specifically, our power grid. It is believed that the energy sector across multiple Western countries is considered “Ground Zero” for what could be a devastating attack on our soil from the digital war front. It is a pressing concern that appears to be more and more of a reality: America’s energy industry is under assault by hackers.
Security experts warn that industrial systems are wide open to potential exploits. Once hackers establish a foothold inside a targeted system, using targeted phishing or similar techniques, everything from lights to handheld devices could be affected. As recently as last month, multiple US energy companies were sent phishing emails as part of a blackhat campaign aimed at stealing credentials. In this phishing scam, hackers pose as the IT department and claim they need to log into associates’ accounts in order to check email preferences and performance.
First clue you’re being solicited by a hacker: an IT department will never need your access in order to check your email. The IT department will always have full access to your account. How, do you think, can they reset your password when you have forgotten it?
In this campaign, people login and give their credentials to a fake website. Bingo – hackers have access. Associates still fall for this con job. A lot of energy companies have suffered phishing attacks, concerted efforts to steal credentials, to map networks, to probe for weaknesses in preparation for a possible future attack. According to cybersecurity firm Symantec, a group which it has dubbed “Dragonfly 2.0” has been active in 2017, particularly in the US, Switzerland, and Turkey; and Dragonfly has implemented scattered attacks on several facilities in other countries. The group uses several means to attack these power grids, including malicious emails such as a New Year’s Eve party invitation designed to leak network security details to Dragonfly.
A greater concern with Dragonfly, however, is the use of watering hole tactic. This is where hackers compromise legitimate sites and services and deliver malware. This strategy opens up new means of attack, and are even able to install full-on trojans that allow for complete or near-complete control of a targeted system. Symantec claims Dragonfly has used all of these, creating everything from fake flash player updates to posing as a source for legitimate apps that common in the energy sector. Backdoor, Dorshel, and Trojan.Karagany.B are all known bits of software that Dragonfly has been using. Symantec describes Dragonfly as a “highly experienced threat actor” and can’t really pin down which country they originate from as many times they will put up a false flag to look like another country.
They have not done so yet, but if Dragonfly were to bring down America’s power grid or even part of it, panic could drive many people to dark places. A lot of the country’s systems depend on the power grid. It is a problem worth worrying about. We already saw in Ukraine what happened when the power grid was taken down. That was a test run. I believe Dragonfly is setting up for a major event in our power grid.
Sadly, I am concerned that it would take a major event to convince people that security is paramount. We will see.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.