.

By Andy Bochman

Don't want to talk about Night Dragon … but looks like I have to. We're still digesting the energy sector cyber security implications of 2010's attacks on Google + 30 (confusingly named Operation Aurora), Stuxnet and Wikileaks, and now we've got another whopper.

Looks like energy sector, or more specifically, oil and gas companies were the primary target. Here's a short synopsis of the attack techniques used, which begin of course, with one of the most common (and easy to defend) attack vectors:

The attacks began with a SQL-injection technique, which compromised external web servers. Common hacking tools were then used to access intranets, giving attackers access to internal servers and desktops. Usernames and passwords were then harvested and after disabling Internet Explorer proxy settings, hackers were able to establish direct communication from infected machines to the Internet.

In my experience, oil and gas companies generally have more budget to spend on security protections than their electric utility brethren. So if they don't have their cyber houses in order yet against simple stuff like this, then it's quite likely that the same attacks would have breached electric companies as well.

Click HERE for a short article on this and HERE for the more detailed report by McAfee.

Andy Bochman is author of the Smart Grid Security Blog.

On related topics …

Smart grid security webinar replays now available 

Smart grid security lessons from WikiLeaks?

Surviving Stuxnet (and its offspring) on the road to smart grid security