Cybersecurity is a growing concern for both consumers and industry, but a new report from Symantec, a cybersecurity firm, is raising the alarm to a whole new level.
The firm, which produces the Norton consumer security products, says a group of hackers now has the potential ability to take control of electric power grids in the U.S. and Europe.
Symantec has identified the group as Dragonfly, saying it has been active in the last two years in attacks on electric power companies. Most recently it said the group was successful in taking down a power grid in Ukraine, resulting in widespread and prolonged power outages.
Symantec said its power company clients are protected against the attacks, but that some grids lacking sophisticated protection could be vulnerable.
Old school weapons
Dragonfly operatives have used a number of different ways to plant malware in power company systems, including some that have been used against individual consumers. Symantec says the earliest campaign used emails disguised as invitations to a New Year's Eve party. When power company employees clicked on a link in the email to RSVP, they unleashed the malware that ultimately infected the company's network.
Symantec said it also has evidence to suggest that files masquerading as Flash updates may be used to install malicious backdoors onto target networks. An email tries to convince the target to download an update for their Flash player.
Symantec calls Dragonfly "an accomplished attack group." So far, it appears to be able to compromise organizations through a variety of methods, including stealing credentials to explore and even control systems and networks.
Increased activity in 2017
The group has been targeting energy networks since 2011 and, in an ominous sign, has stepped up its attacks this year.
In April, the Council on Foreign Relations (CFR) issued a report taking a different view of the threat. The report said carrying out a cyberattack that successfully brought down grid operations would be very difficult, but conceded it would not be impossible.
The CFR report concluded that the difficulty involved in taking control of a major power grid would likely mean the only players capable of doing it are national governments.