Malware Threatens Power Grids
Russian-backed hackers appear to have the ability to remotely shut down power stations, researchers claim. However, the cyber weapon appears to only have been successfully deployed once so far.
Two companies, Dragos Inc and ESET, have revealed their analysis of malware that was used in an attack on a transmission station in Kiev, the Ukrainian capital, last December. The outage lasted for an hour and blacked out buildings that normally use 20 percent of the city's electricity. (Source: washingtonpost.com)
Malware Easily Customized
The researchers say the malware, which they've dubbed Crash Override, was specifically created to attack power stations. It's reminiscent of Stuxnet, a US and Israeli cyber weapon created to compromise Iran's nuclear program.
While the Kiev attack was relatively minor in scope and effect, the researchers believe Crash Override could easily be adapted to attack other facilities. What makes it particularly concerning is that much of the code used appears not to have been specific to the Kiev facility. Instead, it appears to give the creators the ability to plug in 'instructions' that customize the attack to a particular power station.
The code also suggests a different style of attack from previous attempts to hit infrastructure. In those attempts, the hackers used the code to gain access to the systems and then (successfully or otherwise) attempted to manually switch equipment off.
Attacks Could Be Coordinated
By contrast, Crash Override's code can automatically gain access and issue the shutdown commands, effectively by inserting them directly into the list of procedures that the systems follow. This suggests it would be much easier to run such an attack on a massive scale, simultaneously going after multiple sites without needing large numbers of people operating the attack.
It could also be possible to program the shutdown to take place at a particular time, even if the system wasn't connected to the Internet at that point.
The researchers noted that in theory the code might also allow the attackers to intentionally overload power grid components while disabling safety measures such as circuit breakers, thus causing physical damage rather than simply switching equipment off. However, the researchers were much less certain about this element than the rest of their findings. (Source: wired.com)
What's Your Opinion?
Should governments do more to increase cyber defenses for infrastructure such as power networks? Did the US give up the moral high ground by working on the Stuxnet program? Does the international community need to develop guidelines and "rules of play" for cyber attacks similar to the conventions that exist on physical military conflict?
Comments
Not sure how successful this will be
I find it hard to believe that there would be a great number of similarities in all the power plants spanning the entire globe that would see malware able to zip in and out and cause havoc on multiple sites in multiple countries. I think the majority of the systems are customized for each power grid and therefore one set of 'kill switch' instructions isn't going to work on another power plant, or at least very few.
That said, this type of attack seems to be gaining momentum and I would not be surprised if one day cyber criminals demand ransom to unlock power grids - similar to how the WannaCry ransomware is attacking Windows machines, encrypting files, and demanding ransom. Surely these attacks won't be for giggles - there will be money to be made, whether it's in damage costs, down time, or ransom.
JUST opinion
I'm sorry, when I read this a few days ago, I posted my opinion of LAZINESS and Corps trying to cut corners...
NO admin/sysop monitoring the systems??
Fully Automated??
No man in the middle?
Direct remote access to a critical system and controls??
Sony had a chance and missed it..
They didn't LET the company update the server for years..
They didn't let the company RE-config the setups..
Then a person Got into it, and downloaded 8 terabytes of data??
WHICH should have taken Days to weeks, even a MONTH to do..
I'm old school, and anyone sitting on my server LONG periods I WILL CHECK ON..
With Current tech, I would install a BOT that tracks and verifies the Computer on the OTHER END.. Even a Verification CODE ONLY connection..
AUGMENT the display so that you are REQUIRED to have a mod in the browser, or a Custom browser to even SEE THE DATA..
Hidden DIR that you MANUALLY have to know Where they are, and TYPE the directory or you will NEVER find it..
ONLY TXT data used...NO executable CODE in Mail or INSERTED..
I'm sorry, but there was/is a TON of things that could/should have been done..
The only thing I see in THIS is a warning of Corp attitude saying we are going to have an Internet war..not bots/virus/malware..its the INTERNET.. Any company that knows BETTER would use a direct line connection and FORGET the internet.. it's to SCARE US and WARN us.. Must remember WHO created Stuxnet..
Prepare to Defend Before You Attack
If you create something like Stuxnet to attack someone, you better damn well be prepared to defend yourself BEFORE you think of attacking someone. Make sure your own house is in order, so don't be surprised if it's turned against you.
Reminds me of a book I read, "Lights Out" by Ted Koppel
This is very interesting indeed. In the book, he talks about how it is a possibility of America's power grids going down. Now, it's not "If" but "When".
Sorry
It's just that I would call it incompetence..
Letting Major infrastructure be accessed by the internet is FOOLISH..
You need a person AT the site to At least monitor what's happening..and Manual overrides on everything..
Or a person in the middle..That NO data is installed Unless a person MANUALLY takes it off 1 machine, Scans it, then installs it..
The Only thing an outside person could do is a DDOS..which ISN'T HARD..but there are ways to Stop/divert that..That's hardware and External..
I don't LIKE fully automated Things..
Like Cars that Brake for you..Or can DRIVE for you..
YOU WON'T sit there and watch the road ahead, you will find something else to do..
THEN who is at fault in an accident?
I have seen a person BUY a new Toyota, Fill it with his family and drive it for 5 years, Without changing any Fluids, oils, Anything, over 50k on it..and it DIED..he didn't know HOW to take care of the car..and NO ONE told him..