A security firm has revealed that a group of hackers were actually able to penetrate the systems of national power grids including some in the US and could in future gain operation control.
What that quite simply means is that they could quite literally turn the lights off at the press of a button.
According to Symantec, they’ve found evidence of a number of highly sophisticated cyber attacks that have taken place in the US and Europe aimed at utility companies and national electricity grids.
It appears as though the attacks were all carried out by a group known only as Dragonfly 2.0.
Syamntec believes that since 2015, the group have been trying to learn more about how energy companies operate and then potentially gain control over national grids, power stations and more.
In fact, Symantec believe the group are now at the stage where if they wanted they could feasibly gain access to a power station and gain actual operational control over some of its key systems.
The way that they do this is frustratingly simple. Through a complex and relentless series of attacks on employee’s email accounts the group are able to gain usernames and passwords.
By sending trojan emails containing what appears to be legitimate information about the energy industry, victims will then click on links that then downloads malicious software onto the computer.
From there Dragonfly are able to gain personal details, login information and even high-level access to some of the most secure systems.
As is so often the case, much of the system can come crashing down with a poorly chosen password so as the first line of defence Symantec recommends that high-level employees at organisations should have 8-10 character passwords that are changed regularly.