The Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) warned in an e-mail on October 20 that an ongoing cyberattack campaign has been targeting the nuclear, energy, and other critical infrastructure sectors since at least May 2017, with outcomes ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict.
The federal agencies on October 20 also released a joint technical alert, which provides information on what they deem are “advanced persistent threat” actions. The report outlines “indicators of compromise” as well as technical details on the tactics, techniques, and procedures used by the threat actors on compromised networks.
The alarm sounded by the DHS and FBI is serious and should be heeded, said Dana Tamir, vice president of Market Strategy for Indegy, a cybersecurity solutions and technology firm.
“This is the first time we’re seeing such a widespread campaign that’s specifically targeting industrial control systems (ICS) which are responsible for managing and controlling the physical processes in nuclear, water, aviation, and critical manufacturing sectors,” she told POWER on October 23.
The Dragonfly Threat
Security threats aimed at power companies have been on the rise and are growing more diverse, experts generally note. Following the unprecedented disruption of electric grid operations in Ukraine on December 23, 2015, an attack attributed to the use of BlackEnergy 3 malware, a second attack using CrashOverride malware in December 2016 left parts of Kiev without power.
On October 10, cybersecurity firm FireEye reported its devices detected and blocked spear-phishing emails sent on September 22 to U.S. electric companies by threat actors “likely affiliated with the North Korean government.” But the firm reported that the activity was “early-stage reconnaissance, and not necessarily indicative of an imminent, disruptive cyber attack that might take months to prepare if it went undetected (judging from past experiences with other cyber threat groups).” It added that it had not observed suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the ICS networks, concluding that the actors may not “have access to any such capability at this time.”
The joint analysis report by the DHS and FBI released on Friday, however, describes “distinct indicators and behaviors” of a potentially more disruptive cyberattack campaign, and it points specifically to Dragonfly, a group that has reportedly stepped up cyberattacks aimed at severely crippling operations in the European and North American energy sectors.
Few details are publicly available about what Dragonfly is, where the threat actors are based, and what motivates them. The DHS lists the threat under “reported Russian military and civilian intelligence services,” along with BlackEnergy, Energetic Bear, and Havex.
IT security firm Symantec in a September alert said that the group, which has been in operation since at least 2011, launched a renewed campaign, “Dragonfly 2.0,” in December 2015. The firm warned it has seen a “distinct increase in activity in 2017.”
Specific Operational Technology Targets
According to the DHS/FBI report, Dragonfly’s campaign includes two distinct categories of victims: staging and intended targets.
“The initial victims [which the report refers to as “staging targets”] are peripheral organizations such as trusted third party suppliers with less secure networks,” the report says. “The threat actor uses the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims.”
It adds: “The ultimate objective of the cyber threat actors is to compromise organizational networks, which are referred throughout this alert as ‘intended target.’”
Indegy cybersecurity expert Tamir on October 23 told POWER that the campaign appears to be specifically targeting operational technology (OT), and it…