Dragonfly

If you’re sleeping well at night, you’re not paying attention.

Sure, your credit card, social security number, and mother’s maiden name are being stolen right now, probably, and your passwords are all QWERTY, 1234, and letmein (maybe your are extra clever: LetMe1n).  But the “scary” stuff, well, the good people in Washington are taking care of that, right?

In class, we ask how long you could survive if the ATM and credit card system failed.  Most people don’t have emergency cash in any real amount.  But the nightmare isn’t just the ATMs, the credit cards, even the stock markets.  It’s the whole electrical grid, or even just decent-sized parts of it.

Symantec says you should be paying attention:

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability. [emphasis added]

The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.

So enjoy the soccer (eh, futbol) game today – unless your cable box/wifi router lose power…