Given the modular nature of the malware, it would be extremely easy to add a module that targeted the US -protocol, said Galina Antova, co-founder of Claroty, a company that provides industrial control security.
Named "Industroyer", the malware was identified after an attack on Kiev in 2016, and ESET's analysis of it has found that it is capable of controlling electricity substation switches and circuit breakers directly.
The malware, dubbed CrashOverride or Industroyer, was used in December to shut down one-fifth of the electric grid in Kiev, an attack Ukrainian officials blamed on the Russian Federation, according to Reuters.
Security researchers from ESET and Dragos have discovered a brand new malware strain that was specifically built to target equipment installed in power grids, and which has already been deployed in live attacks in Ukraine.
What sets Industroyer apart is its use of four payload components, which are designed to gain direct control of switches and circuit breakers at an electricity distribution substation.
Researchers are warning that the strain of malware behind the widely-publicised 2016 power outage in Ukraine could be used against industrial control systems worldwide. However, the tool most likely used, Win32/Industroyer, is an advanced piece of malware in the hands of a sophisticated and determined attacker. So in theory, Industroyer can be used for much more than disrupting the power supply for a European capital.
"Thus, their communication protocols were not designed with security in mind. That is definitely alarming", ESET malware researcher Robert Lipovsky told Reuters.
Industroyer is modular and supports four International Electrotechnical Commission protocols used in Europe and the Middle East.
The Industroyer malware poses a threat to a vast number of people with its ability to attack infrastructure such as water and power plants; the prospect of an attack such as this is becoming ever more realistic following attacks like the SCADA attack on the Ukrainian power grid in 2015.
There are several steps that industrial vendors can take to protect their industrial control systems, according to Dragos. "It is similar to DDoS attacks which use standard web protocols to communicate with web commerce servers".
The Department of Homeland Security, which works with the owners of the nation's critical infrastructure systems, did not respond to a request for comment Sunday. Their only real security feature involves sequestering them on networks that aren't directly connected to the internet; but as the need for economic efficiency has pressed in, even that has been jettisoned.
The level of sophistication needed to write code for the generally obscure industrial controllers that operate the world's electrical grids suggests a group of hackers well-versed in the field and with the resources to test their creations in the lab, ESET said. The first was Stuxnet, a worm that sabotaged the Iranian nuclear programme, which was thought to have been built by the U.S. and Israel.
The ESET team said that because of its ability to persist in the system and provide information for tuning the configurable payloads, attackers could adapt the malware to any environment, which made it extremely unsafe.