Symantec Security Detects Dragonfly's Energy Sector-Targeting Cyber Schemes
New research from Symantec uncovering a cyber-espionage campaign that has affected 1,018 unique organizations across 84 different countries has demonstrated the impact of sophisticated phishing attacks and watering hole techniques.
The attacker group, dubbed “Dragonfly” by Symantec security experts (other vendors have called them "Energetic Bear"), launched a campaign against a range of targets, predominantly in the European and American energy sector, over a number of months. Dragonfly used multiple attack methods to install malware onto systems, extracting passwords and documents among other things.
The campaign appears to be focused on industrial espionage, but the attacks also serve as a worrying reminder to consumers that having security software installed is only one part of an effective security defense. Using anti-virus software in isolation won’t necessarily protect you against targeted attacks such as those demonstrated by Dragonfly.
To combat the ever-increasing sophistication of today’s cyberattacks, Internet users must educate themselves about the latest threats, and be vigilant against attempts to bypass defenses using social engineering, phishing and fake websites.
Symantec’s security intelligence team began investigating Dragonfly in early 2014, and discovered that the group had compromised a number of strategically important organizations using several techniques.
The group initially sent malware in phishing emails to senior personnel in target companies, before launching watering hole attacks: it compromised websites likely to be visited by those working in the energy industry, so that visitors were redirected to websites hosting an exploit kit, which in turn delivered malware to the victim’s computer.
The third, and most ambitious, attack compromised software used by energy industry equipment suppliers, causing companies using the products to install malware when downloading software updates from their suppliers. These infections not only gave attackers a route into the targeted organization’s networks, but also the means to mount sabotage operations against computers in other companies.
How to stay protected
While industrial sabotage at this scale may seem a world away from protecting your home PC or laptop, many of the methods used by Dragonfly demonstrate how cybercriminals are using more advanced techniques to attack specific targets. Small businesses and home users should be aware that installing security software is only the first line of defense against today’s cyberattacks.
Targeted attacks that combine social engineering, email phishing, fake websites and malware insertion increased by 91% year on year in 2013, in an effort to compromise even the biggest and most comprehensively defended company websites and services.
One targeted approach, spear phishing, is a variation of more traditional phishing that thrives on familiarity. The attacker knows your name, email address and at least a little bit about you, which makes an email request appear to come from an authentic source. However, it’s actually from the same criminal hackers who want to steal your passwords, credit card and bank account numbers.
Meanwhile, watering hole attacks work by profiling victims and the types of websites they visit, before injecting code onto those sites that redirects the target to a separate destination that hosts the malware. The compromised website then waits to infect the profiled victim with an exploit – just like a lion waiting at a watering hole.
Make sure you’re protected against these threats by carefully scrutinizing emails, and ensuring you always use up-to-date security software. With browser technologies that spot phishing attempts and other vulnerabilities, as well as email scanning for POP3-compatible email clients, products such as Norton 360 and Norton Small Business can keep on top of your computer and network security, allowing you to focus on other things.