Last week, the Department of Homeland Security (DHS) reported that hundreds of people have been victimized by hacking attempts conducted by the Russian group Dragonfly (also known as Energetic Bear), the Wall Street Journal said.
Some companies still might not know whether or not they have been compromised, according to DHS, “because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.”
This cyber attack started in the spring of 2016 and carried through 2017, exploiting “relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.”
Here’s how it happened:
The Wall Street Journal says the Russian group used “conventional tools,” including spear-phishing and watering-hole attacks, to trick victims into entering their passwords on faulty sites. Once that information was surrendered, the corporate networks of suppliers were compromised, including those of many smaller companies without the funding for cybersecurity.
From there, the hackers switched their focus to the companies’ utility networks and stole confidential information, such as “how utility networks were configured, what equipment was in use and how it was controlled.”
The Wall Street Journal says that DHS is currently conducting briefings, working on garnering more industry cooperation, and trying to learn if there are any “new infections.” DHS is also looking for evidence that Russian hackers are automating their attacks, which “could presage a large increase in hacking efforts.”
DHS has been warning utility executives with security clearances about the Russian group’s capabilities since 2014.
Here’s what to do:
While the investigation is ongoing, decision makers might want to take stock of their current cybersecurity efforts. Now might be the time to update cybersecurity policies and procedures, or, if a company is struggling due to lack of budget for cybersecurity protection, funds might be reallocated accordingly. Decision makers might also want to keep tabs on the investigation, and remind employees not to divulge sensitive data, including passwords, to outside sources.