A Dragonfly that stings
This editorial ran in the Washington Post: For the second time this year, evidence has surfaced of a serious potential threat to electrical and industrial systems from cyberattack.
A security firm, Symantec, has discovered a wave of malware called Dragonfly in Europe and the United States that could put bad actors in position to switch off the lights.
The firm said malware by that name had been around since 2011 but was dormant for a while before re-emerging — Symantec calls it Dragonfly 2.0 — with a “distinct increase in activity” this year. The attackers are using f amiliar tools, such as “spearphishing” emails with attachments reeking with dangerous code, including an attachment resembling a benign in- vitation to a New Year’s Eve party.
According to Symantec, the bad actors behind Dragonfly 2.0 have entered electric utility networks in Turkey, Switzerland and the United States numerous times and they “may be entering into a new phase.”
What Symantec found “most concerning” was that the intruders were taking screenshots of the layout of operational systems.
The company said the architects of the Dragonfly campaign are an “accomplished attack group” and highly experienced. It is known that Ukraine has suffered power blackouts caused by cyberattacks that it blames on Russia. Could Russia also be probing the U.S. electrical grid? Or another nation?