Electrical Grids Could be Taken Out by Industroyer Malware
Posted by: Timothy Weaver on 06/12/2017 01:56 PM
ESET and Dragos security researchers are reporting a new strain of malware that is capable of taking out equipment installed in power grids.
A successful attack has already been carried out in Ukraine. The attack took place on December 17, 2016 and took out power distribution to a large area of Kiev.
ESET security researchers, who found the strain in December, have named it Industroyer. The malware is capable of targeting a specific set of industrial equipment, such as electricity substation switches and circuit breakers. It is capable of adjusting settings or shutting down equipment, causing network outages, cascading failures, and even physical damage to equipment.
The attacks on Ukraine only started after Russia invaded Crimea; however, ESET researchers haven't yet pointed the finger at Russian operatives.
Robert Lipovský, senior malware researcher at ESET, said: "Attribution is always tricky in cyber-attacks, and we always refrain from speculations, even more so when it comes to sensitive geopolitical issues."
"To attribute merely based on assumptions interests of countries in a state of war without concrete evidence would be pure speculation and dangerous. And in the case of Industroyer, there was no indication in the malware that could point to an attacker – Russian or other," he added. "As for the possible explanations why Ukraine was targeted, regardless of who may be behind it, that’s a very good question to which we don’t have a definite answer."
"Considering that the relatively low impact of the blackout (one region, one hour around midnight) is in great contrast with the sophistication of the malware used and its cost to develop and deploy," the ESET expert says. "It may be that the attackers have failed in some way, or another possible explanation is that it was a test before a greater attack."
However, security experts still warn about the lack of protection for our electrical grid.
Source: Bleeping Computer
