Dragonfly Joins Mosquito as Seasonal Nuisance
July 10, 2014
That buzzing in your ear punctuated by the tiny sting on the back of your neck serves as a reminder that summer is upon us. We break out the bug spray and even send pesticide-laden trucks into the evening streets to protect us against the onslaught of mosquitoes. Turns out they’re not the only pests on the horizon.
Digital Pesticide and Gratuitous Nudity
Bloomberg News reports that Energetic Bear, a group of Russian hackers also known as Dragonfly, has been targeting grid operators, oil pipelines, and power generators with increased fervor in recent weeks, raising fears that successful penetration could interrupt utility services and supply levels around the world. Reports suggest that these groups have the time, expertise, and resources to see their mission through. This would seem reason enough to shore up your organization’s cybersecurity, as many are choosing to do. “Utilities may spend what may run into the billions of dollars for computer security,” Bloomberg suggests. While your team may not have the same reach as a national utility, you may be standing just as naked before the Energetic Bear. (That was the gratuitous nudity promised in the subheading).
Roads Paved with Good Intentions
What makes this situation even more compelling is that these companies have increased their exposure by trying to do the right thing, establishing real-time communication networks with alternative and green energy providers to efficiently match the provision and consumption needs across the grid. These networks have inadvertently provided Energetic Bear with backdoor access that makes the utilities even more vulnerable.
The Monkey on Your Back (or in Your Network)
In many ways, this is not a new story. In late 2011 and 2012, a Chinese group called UglyGorilla began operations described as surveillance and scouting, looking for security weaknesses that might enable China to wage war in the future or simply wreak havoc by disrupting the delivery of services. In addition to their ability to craft creative names from a wide range of fauna, these groups of hackers have a knack for quietly penetrating dynamic and presumably secure networks. While their intentions and national affiliations aren’t certain, one thing is: you don’t want them penetrating your network.
ICS is the HungryLion of the cyberjungle, the GreatWhiteShark of the sea of data that ebbs and flows around the globe. We can use network penetration testing and vulnerability assessment strategies to ferret out the EnergeticBears and UglyGorillas lurking in the ether. Call us today. Because it’s a jungle out there.