Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.
Cyberespionage campaign stole information from targets and had the capability to launch sabotage operations.
Energy is crucial to our modern lifestyle. Disturbingly, reports of attempted attacks against the companies and industries that supply it are increasing every year. In the first half of 2013, the energy sector was the fifth most targeted sector worldwide, experiencing 7.6 percent of all cyberattacks. So, it’s not surprising that in May 2013, the US Department of Homeland Security warned of a rising tide of attacks aimed at sabotaging processes at energy companies. At Symantec, our researchers are finding that traditional energy utility companies are particularly concerned about scenarios created by the likes of Stuxnet or Disttrack/Shamoon which can sabotage industrial facilities.
We are also learning that aggressors who target the energy sector also try to steal intellectual property on new technology, like wind or solar power generators or gas field exploration charts. While data theft incidents may not pose an immediate and catastrophic threat to a company, they can create a longer term strategic threat. Information stolen could be used in the future to perform more disruptive actions.
The motivations and origins of attacks can vary considerably. A competitor may commission actions against energy companies to gain an unfair advantage. There are “hackers for hire” groups such as the Hidden Lynx group, who are more than willing to engage in this type of activity. State-sponsored hackers could target energy firms in an attempt to disable critical infrastructure. Hacktivist groups may also victimize companies to further their own political goals. Symantec researchers know these threats can originate from all over the world and sometimes from within company walls. Insiders who are familiar with the systems can carry out attacks for extortion, bribery or revenge. And disruptions can simply happen by accident such as a misconfiguration or a system glitch. For example, in May 2013, the Austrian power grid nearly had a blackout due to a configuration issue.
Our research has found that modern energy systems are becoming more complex. There are supervisory control and data acquisition (SCADA) or industrial control systems (ICS) that sit outside of traditional security walls. And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices. In addition to this, many countries have started to open the energy market and add smaller contributors to the electric power grid, such as private water power plants, wind turbines or solar collectors. While these smaller sites make up only a small portion of the grid, the decentralized power input feeds can be a challenge to manage with limited IT resources and need to be carefully monitored to avoid small outages that could create a domino effect throughout the larger grid.
We see the need for a collaborative approach combining IT and industrial component security to protect the industry’s information. To partner in this effort, Symantec has conducted an in-depth study into attacks focused on the energy sector that took place in the past 12 months. This research presents the facts and figures, and covers the methods, motivations, and history of these attacks.
The following infographic illustrates some of the key points around attacks against the industries in the energy sector.