New Malware Threat Targets National Power Grids
By Jef Cozza / Enterprise Security Today
Published: June 12, 2017

As if the threat posed by malware was not terrifying enough, researchers from the network security firm ESET said today that a Russian hacker group may have developed a way to take down the power grids of entire countries.

The researchers described the malware, dubbed “Industroyer,” as the most dangerous hacking weapon since Stuxnet. First identified in 2010, Stuxnet is a malicious computer worm that targets industrial computer systems and was responsible for causing substantial damage to Iran's nuclear program.

In fact, the ESET researchers said the malware was responsible for a 2016 blackout that affected Ukraine’s capital city of Kiev for an hour. The researchers also said the malware could be reconfigured to attack other key infrastructure components as well.

'A Particularly Dangerous Threat'

"Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas)," the company wrote in a blog post today.

Because Industroyer affects switches directly, the malware can inflict varying degrees of damage on a target country's infrastructure, from simply triggering a temporary blackout, to causing cascading failures or serious damage to equipment.

The malware is able to attack infrastructure equipment so effectively because it uses the common industry protocols that were first designed decades ago, long before most systems were connected to the Internet. As a result, security had not been a major priority at the time they were implemented. In many cases, the hackers only need to learn how to program the malware to communicate with the protocols because there aren't any security systems that they need to circumvent.

The Worst Is Yet To Come

The ESET researchers characterized Industroyer as modular malware built around a core backdoor, which the attackers use to deploy the malware's other components and to connect the target system to its command and control servers. What sets Industroyer apart from other malware tools are four of these payload components, which are specifically designed to target electrical circuit breakers and switches in power grid substations.

Industroyer is also designed to be sneaky, eliminating all traces of its existence after it has completed its mission thanks to a wiper module that can erase registry keys to make detection and recovery even more difficult for investigators following an attack.

The malware is also persistent. A secondary backdoor can be deployed via a module that spoofs the Notepad application to regain access to a target system in the event that the original backdoor is discovered and shut down.

As bad as last December's Ukraine attack was, it may represent only a small taste of what's to come. ESET researchers suspect that hackers used that attack as a proof-of-concept in advance of more serious attacks planned for the future.

Image credit: iStock.

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.