Dragonfly is the latest advance in weaponised malware
The discovery of the Dragonfly attack pulls back the veil ever so slightly on some of the tradecraft used in modern espionage. If the researchers' conclusions prove even partially correct, it confirms the adoption by nation states, or their proxy groups, of tactics and techniques built around weaponised malware.

The fact that the malware was used to gather information does not remove the attacker's ability to cause significant damage to power generating systems. The Command and Control elements of the malware, combined with the remote attacker's ability to execute commands on the compromised systems, support this.

The potential collateral damage to a society that has lost its ability to supply energy to its citizens is immense. Think about the last time you had a power cut and the inconvenience it caused; now multiply that 10x or 100x and you begin to see the potential of this type of attack.

At the start of the 1991 Gulf War, the Coalition began by running a bombing campaign that targeted military and civilian installations. Top of the list were 11 out of the 20 power stations (destroyed) and 119 substations (destroyed). If the same campaign were fought today, would the Coalition consider total destruction of the infrastructure, or would they use modern hacking tactics and techniques to subvert control of the power grid, achieving the same outcome without the total destruction?

Following a pattern first seen in Stuxnet, the Dragonfly attack targeted the Industrial Control Systems (ICS) of Western European and US energy companies. The planning, preparation and means of subversion (the attack vector) had evolved. This was not the work of malcontents or the undisciplined; the attack had the hallmarks of a well organised and prepared group with a specific mission.

The social aspects introduced in order to identify ways to deliver the malware were simple, yet displayed high-order thinking. Carrying out reconnaissance to ascertain innocuous ways to deliver the malware to the target system or person demonstrated good field craft. By compromising web sites often visited by workers in the target organisation, the group was able to infect without directly exposing themselves to the target - a good use of misdirection. The last thing most people think about when checking a stock quote or ordering food online is 'is this site compromised, or is it safe for me to use?' Human nature detaches the act of ordering food from what your daily job is (unless you work in the online food ordering business).

This tactic, along with the structured nature of the attack, points to where government and the security industry need to focus. It is safe to assume that Dragonfly was a state-sponsored espionage operation. It demonstrated good planning and preparation, and executed its tactics and techniques well. It blended technical competency with evolved field craft and an appreciation of the social aspects of people in order to achieve its goal.

This attack, which had the potential to move from covert to overt actions, targeted Critical National Infrastructure of multiple Western Nation States simultaneously. Government and Private sector need to work together in order to better prepare all areas of business and key resource providers such as energy companies.

Investment in skills and training in Cyber Security and support for R&D to better detect and protect against these types of Cyber Attack will be key if we are to mitigate these attacks.

APT1 and Dragonfly are examples of the evolving nature of the Cyber Security challenge facing business. How the government and the private sector react to this over the next 18 months will be critical. Prioritisation of the issue and investment in Cyber Security will be essential to the success of our economy and security.

Will Semple is VP of research and intelligence for Alert Logic