Spying malware leaves countries' energy grids open to attack

Cyberwarfare campaigns against Western energy grids aren't just the stuff of action movies these days -- they're very, very real. Symantec has discovered a likely state-sponsored hacking group, nicknamed Dragonfly, that has been using phishing sites and trojans to compromise energy suppliers in the US and several other countries. Unlike targeted, destruction-focused malware like Stuxnet, this appears to be a broader spying effort bent on collecting information about national infrastructure. However, it still creates a back door that leaves companies vulnerable to full-fledged attacks if they don't spot the intrusions; it wouldn't take much to create real problems.

Symantec hasn't tracked down those behind Dragonfly, but it has plenty of evidence that they're professionals. Most of the attacks occur on weekdays between 9AM and 6PM Eastern European time, and they're primarily hitting Western European targets. They "think strategically," too. They first focused on aviation and defense agencies around 2011, and switched to power-related companies in early 2013; also, the suppliers under attack are smaller and less secure than the energy providers they're serving. If there's any consolation, it's that companies can shut down individual attacks, and that Symantec has already let affected companies and security response centers know what's happening. Let's just hope that the revelations get firms to tighten their security before there's some major damage.

[Image credit: Bjorn Kindler/Getty]