Dragonfly – Cyber Espionage

Earlier this month I read an interesting article about recent cyber-attacks on energy companies called Dragonfly. The end goal of Dragonfly is to sabotage whatever infrastructure it infiltrates, in this case power companies. There are two reasons this caught my interest. First it looks like Dragonfly is government sponsored. That means a government has hired cyber-security specialists to craft an attack designed to cripple the power grid or take control of it. Second is that the way Dragonfly works is similar to what many other threats infect computers like the ones I see in offices on a regular basis.

Dragonfly is a multi-staged attack. The group running the attack sends emails known as phishing emails to targeted firms with malware embedded in the messages. The emails are very convincing and look like messages the recipient would get from trusted sources. Next the group set up what is known as a watering hole attack. The way this attack works is the attacking group is able to gain access to a website they know is likely to be frequented by their target. Once the attacker has access they inject what’s known as an exploit kit that will allow them to exploit a flaw in their target’s web browser to deliver additional malware to the target computers. At this point most attacks on the internet at large have what they need from their targets. Dragonfly goes a step further and was able to turn legitimate software patches from several Information and Control Systems equipment manufacturers into Trojan Horses. This gave the attackers control over these systems as well. Any firm infiltrated by this multi-staged attack had their entire system from the devices that control the flow of power to the computers of the highest levels of management breached and under outside control.

If you have made it this far into the article you might be asking why we should worry about this attack. What does it have to do with a small business? This attack and how well it was planned and executed serves to prove a point. Hackers are no longer nerds living in their parent’s basement, they are groups of highly trained security experts hired by governments and private interests alike to gather information and gain control over remote resources. Their targets range from very specific to very broad groups and small businesses are in most cases the least protected. Business owners and managers whose companies use the internet for business in any way need to have a solid plan and strategy in place for making sure their valuable electronic assets are secure. That means working with your IT Pro to reduce the rights each user has on their local machine to just what they need for their daily activities and make sure antivirus is up to date as well as any software and operating systems on your network. Next generation firewalls that scan for malware as the data flows through them from the internet should be implemented. Users should be educated to recognize phishing attacks. They should know what to expect if their computer detects a virus so they are not vulnerable to the popular fake antivirus attacks. Security is important and should be a priority for any business, including small businesses.

Leave a Reply