Recent Cybersecurity Breach Allows Hackers Direct Access to US Power Grid Controls
In 2016, spending on cybersecurity products and services rose to more than $80 billion,
and there is no sign of the industry slowing down. The development of
new technology poses new challenges for cybersecurity firms under
pressure to evolve at the same pace. The recent announcement of the
security breach at the credit-reporting company Equifax put
approximately 143 million people at risk of identity
theft. However, Equifax is but one of a string of recent cybersecurity
breaches. In early September 2017, the security firm Symantec warned
that a series of recent hacker attacks not only compromised energy
companies in the U.S. and Europe, but also gave intruders enough access
to power grid operations to induce blackouts on American soil at will.
A new wave of cyber attacks by a group calling
itself Dragonfly 2.0 targeted dozens of energy companies earlier this
year. In more than 20 cases, Symantec says hackers successfully accessed
their targets' computer networks. While Symantec did not name the
companies affected by the attacks, it says that forensic analyses for a
handful of U.S. companies and at least one company in Turkey revealed
that hackers obtained what is known in the field as "operational access":
control of the interfaces power company engineers use to send actual
commands to equipment such as circuit breakers, enabling them to
stop the flow of electricity to U.S. homes and businesses.
Eric Chien, a security analyst for Symantec, stated, "[t]here's a difference between being a step away from conducting sabotage and actually being in a position to conduct sabotage...being able to flip the switch on power generation...
We're now talking about on-the-ground technical evidence this could
happen in the U.S., and there's nothing left standing in the way except
the motivation of some actor out in the world."
Symantec's
report on the details of the new intrusions revealed that the company has
tracked the Dragonfly 2.0 attacks back to at least December 2015, but
found that they ramped up significantly in the first half of 2017, particularly in the U.S., Turkey and Switzerland. These attacks were designed to harvest credentials
from victims and gain remote access to the machines they operate. So if
the hackers had actually gained access to these systems, why did they
stop short of using that access? Chien reasons that the hackers may
have been preserving the option to cause an electrical disruption when it
became strategically useful to do so.
Symantec claims it
has assisted the power companies that experienced the deepest
penetrations, helping them eject the hackers from their networks. It
also sent warnings to more than 100 companies that might be exposed to the Dragonfly 2.0 attacks, as well as to the U.S. Department of Homeland Security.
Nonetheless, Chien warns any company that thinks it may have been the
target of hackers not only to remove any malware it has identified but also
to refresh its staff's credentials. Given the hackers' focus on stealing
passwords, even flushing malware out of a targeted network may still
leave the company exposed if the attackers still hold employees' working logins.
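The remediation point above (clean out the malware, then rotate credentials, because stolen passwords keep working after the cleanup) is easy to check for in practice. The following is an added example, not code from the article or from Symantec: it takes a hypothetical directory export of last-password-change times and some constructed authentication log lines, lists the accounts whose passwords were never rotated after the cleanup date, and flags post-cleanup logins by those accounts, marking logins from outside an assumed trusted network as the most urgent. The timestamps, account names, IP addresses and the 10.0.0.0/8 trusted range are all constructed for the example.

```python
import ipaddress
from datetime import datetime

# Constructed incident timeline: the point at which malware was removed from the network.
CLEANUP_TIME = datetime(2017, 7, 15, 12, 0)

# Hypothetical directory export: account -> time of its last password change.
LAST_PASSWORD_CHANGE = {
    "alice": datetime(2017, 7, 16, 9, 0),   # rotated after cleanup: a stolen password is dead
    "bob": datetime(2017, 3, 2, 8, 30),     # not rotated: a stolen password still works
    "carol": datetime(2017, 1, 10, 14, 0),  # not rotated
}

# Constructed authentication log lines: "<ISO timestamp> <user> <success|failure> <source ip>".
AUTH_LOG = """\
2017-07-16T10:02:11 alice success 10.1.1.20
2017-07-17T03:15:42 bob success 203.0.113.7
2017-07-17T03:16:01 bob success 203.0.113.7
2017-07-18T08:00:00 carol failure 10.1.1.31
2017-07-18T08:01:00 carol success 10.1.1.31
"""

# Assumed trusted (internal) network for the example.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def stale_credential_accounts(last_change, cleanup_time):
    """Accounts whose password predates the cleanup; any password harvested
    before the cleanup is still valid for these accounts."""
    return sorted(user for user, changed in last_change.items() if changed <= cleanup_time)


def parse_auth_log(text):
    """Parse the simple space-separated log format used in the constructed sample."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, user, result, ip = line.split()
        events.append({
            "time": datetime.fromisoformat(timestamp),
            "user": user,
            "result": result,
            "ip": ipaddress.ip_address(ip),
        })
    return events


def is_external(ip, trusted_networks=TRUSTED_NETWORKS):
    return not any(ip in net for net in trusted_networks)


def post_cleanup_logins_with_stale_credentials(log_text, last_change, cleanup_time):
    """Successful logins after the cleanup by accounts whose password was never
    rotated. Returns (user, source ip as str, external?) tuples; external
    logins are the ones that most resemble reuse of a harvested password."""
    stale = set(stale_credential_accounts(last_change, cleanup_time))
    findings = []
    for event in parse_auth_log(log_text):
        if (event["user"] in stale
                and event["result"] == "success"
                and event["time"] > cleanup_time):
            findings.append((event["user"], str(event["ip"]), is_external(event["ip"])))
    return findings


def accounts_needing_forced_reset(last_change, cleanup_time):
    """The list a defender would hand to the directory team: every account
    that is still usable with a pre-cleanup password."""
    return stale_credential_accounts(last_change, cleanup_time)


if __name__ == "__main__":
    print("Force password reset for:", accounts_needing_forced_reset(LAST_PASSWORD_CHANGE, CLEANUP_TIME))
    for user, ip, external in post_cleanup_logins_with_stale_credentials(AUTH_LOG, LAST_PASSWORD_CHANGE, CLEANUP_TIME):
        print(f"{'EXTERNAL' if external else 'internal'} login by unrotated account {user} from {ip}")
```

The point of the two lists is that they answer different questions: the reset list is the remediation step the article describes, while the login findings show why the step matters, since every successful login by an unrotated account after the cleanup is indistinguishable, from the log alone, from an attacker reusing a harvested password.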