Published on : Sep 29, 2014
The electronics and communication agency Beldon has reportedly spotted a new cyber threat to the pharmaceutical industry. Called Dragonfly, the malware specifically targets intellectual property of servers in the pharmaceutical industry with the purpose of stealing information.
An initial report released by ipprolifesciences.com stated the malware was targeting the energy sector. Further research revealed that the malware will affect the pharmaceutical industry more.
Dragonfly belongs to the same family of malware as Energetic Bear and Backdoor.Oldrea. Joel Langhill, a leading ICS security expert has been appointed by Beldon to conduct a deeper research on Dragonfly’s potency and reach.
Langhill said he has reasons to believe that the malware affects ICS systems of the pharma segment for three reasons. One of the reasons he stated was that out of all the suppliers of ICs, the firms that were targeted have all been providing services which pharmaceutical companies have used. He also said that the malware was similar to the Epic Turla campaign that affected the pharma IP, along with the fact that the TCP ports targeted by Dragonfly are usually fixed in the pharmaceutical packaging and manufacturing applications.
Eric Byres, Beldon’s CTO of Tofino Security, insisted that the Dragonfly malware was not intended to disrupt services but rather designed to steal IP assets for performing fraudulent processes. In an earlier interview with marketwatch.com, Byres stated security experts and cybercriminals have discovered a lot of vulnerability in the pharma industry’s practices. He said all manufacturing services should secure ICS machines to avoid being victimized by Dragonfly and other malware that stay hidden for years.