Dragonfly is the latest advance in weaponised malware
The discovery of the Dragonfly attack pulls back the veil ever so slightly on some of the tradecraft used in modern espionage. If the researchers' conclusions prove even partially correct, it confirms that nation states, or their proxy groups, have adopted weaponised malware as a standard tactic and technique.

The fact that the malware was used to gather information does not remove the attacker's ability to cause significant damage to power generating systems. The Command and Control elements of the malware, combined with the remote attacker's ability to execute commands on the compromised systems, support this.

The potential collateral damage to a society that loses the ability to supply energy to its citizens is immense. Think about the last time you had a power cut and the inconvenience it caused; now multiply that 10x or 100x and you begin to see the potential of this type of attack.

At the start of the 1991 Gulf War, the Coalition began by running a bombing campaign that targeted military and civilian installations. Top of the list were power stations (11 out of the 20 destroyed) and substations (119 destroyed). If the same campaign were to be fought today, would the Coalition consider total destruction of the infrastructure, or would they use modern hacking tactics and techniques to subvert control of the power grid, achieving the same outcome without the total destruction?

Targeting of Industrial Control Systems (ICS) was first seen in Stuxnet; the Dragonfly attack targeted the ICS of Western European and US energy companies. The planning, preparation and means of subversion (the vector of attack) were evolved. This was not the work of malcontents or the undisciplined; the attack had the hallmarks of a well organised and prepared group with a specific mission.


The social aspects used to identify ways of introducing the malware were simple, yet displayed high order thinking. Carrying out reconnaissance to ascertain innocuous ways to deliver the malware to the target system or person demonstrated good field craft. By compromising web sites often visited by workers in the target organisation, the group was able to infect without directly exposing themselves to the target - a good use of misdirection. The last thing most people think about when checking a stock quote or ordering food online is 'is this site compromised or safe for me to use?' Human nature detaches the act of ordering food from what your daily job is (unless you work in the online food ordering business).

This tactic, along with the structured nature of the attack, points to where government and the security industry need to focus. It is safe to assume that Dragonfly was a state sponsored espionage operation. It demonstrated good planning and preparation and executed its tactics and techniques well. It blended technical competency with evolved field craft and an appreciation of the social aspects of people in order to achieve its goal.

This attack, which had the potential to move from covert to overt actions, targeted Critical National Infrastructure of multiple Western Nation States simultaneously. Government and Private sector need to work together in order to better prepare all areas of business and key resource providers such as energy companies.

Investment in skills and training in Cyber Security and support for R&D to better detect and protect against these types of Cyber Attack will be key if we are to mitigate these attacks.



APT1 and Dragonfly are examples of the evolving nature of the Cyber Security challenge facing business. How the government and the private sector react to this over the next 18 months will be critical. Prioritisation of the issue and investment in Cyber Security will be critical to the success of our economy and security.

Will Semple is VP of research and intelligence for Alert Logic
