Malware Caused 2016 Ukrainian Power Outage

By

Malware called CRASHOVERRIDE or Industroyer was likely to blame for last year’s power grid attack in the Ukraine that left Kiev in the dark for an hour. And that malware represents the most dangerous threat to industrial control systems since Stuxnet.

These revelations come from separate, but related, reports from Dragos and ESET.

Senior Malware Researcher Anton Cherepanov of Slovakian security firm ESET in a blog earlier this week explained that Industroyer is especially dangerous given its ability to control circuit breakers and electricity substation switches directly using native industrial communication protocols. Those protocols have been in use since before the Internet became commercialized, and predate control systems being connected to the outside world. So security wasn’t a consideration at the time they were designed and put into service.

“That means that the attackers didn’t need to be looking for protocol vulnerabilities,” Cherepanov explained, “all they needed was to teach the malware ‘to speak’ those protocols.”

The ability to speak that language apparently enabled Industroyer to turn off remote terminal units controlling the power system in the Ukraine on Dec. 17, 2016. According to The Hill, it’s believed that Russia is to blame for the attack.

Industroyer reportedly can be used to alter settings, shut down systems, and wipe files. It can be used on various kinds of industrial control systems. And it contains specific attacks for one type of Siemens system.

That said, Robert Lee of Dragos in a blog earlier this week noted that the electric grid is extremely reliable and that, because of that fact, any outages it might suffer would last hours or days as opposed to weeks or months. That said, Lee commented that “CRASHOVERRIDE represents alarming tradecraft and the ability to disrupt operations….”

Lee added that ESET on June 8 called on Dragos to validate its findings to reporters covering the new revelations discussed above. “Dragos was able to confirm much of ESET's analysis and leveraged the digital hashes to find other undisclosed samples and connections to a group we are tracking internally as ELECTRUM,” Lee said. (ELECTRUM is the adversary group behind the 2016 attack of the Ukraine electric grid, Lee explained.)

As for the Stuxnet malware referenced above, that was used by the U.S. and Israel to sabotage the Iranian nuclear arms program.




 

Executive Editor, TMC

SHARE THIS ARTICLE
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More