With the action easing up in Brazil this week you may have seen reports circulating about a malware attack on more than 1,000 energy companies across Europe and North America. The attack was carried out by a group of attackers known by the name of Dragonfly. Dragonfly have been in operation since 2011 and previously targeted defence and aviation companies in the USA and Canada.
Research carried out by Symantec found that Dragonfly turned its attentions to Energy companies in early 2013 and managed to compromise 1,000 strategically important organizations for spying purposes. Dragonfly infiltrated the organisations using phishing attempts in the form of spam emails sent to senior executives with infected PDFs attached to infiltrate the network. Disturbingly, if they had used the sabotage capabilities open to them, the group could have caused untold damage and disruption to the energy supply in the affected countries.
It is cause for concern that critical infrastructure could have been damaged or interfered with simply because staff were not cautious enough in their approach to suspicious emails. This attack goes to show just how important staff education about cyber-security is in protecting an organisation of any size. One uninformed employee can undo a whole security infrastructure – or even risk plunging people into darkness – with a single click.