
Thread: First use of malware to take out civilian power grid infrastructure

  1. #1
    Senior Member

    Join Date
    Mar 2011
    Location
    harms way
    Posts
    17,777

    First use of malware to take out civilian power grid infrastructure

    Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure.
    The report went on to say that the outage was the result of malware that disconnected electrical substations.
    On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators.
    They said the malware led to "destructive events" that in turn caused the blackout.
    If confirmed it would be the first known instance of someone using malware to generate a power outage.
    "It's a milestone because we've definitely seen targeted destructive events against energy before - oil firms, for instance - but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars. "It's the major scenario we've all been concerned about for so long." Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by "BlackEnergy," a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable.
    More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems.
    http://www.thebigwobble.org/2016/01/...on-highly.html




    The genie is well out of the bottle.
    "And how we burned in the camps later thinking, what would things have been like, if every security operative, when he went out at night to make an arrest, had been uncertain, whether he would return alive and had to say good-bye to his family?"

  2. #2
    Senior Member

    Join Date
    Jul 2010
    Location
    Wreckless driving on dirty back roads
    Posts
    8,959
    Yeah I saw this a couple of days ago. All this plug in and wired up computer system to run everything
    is dangerous. But it is how everything is headed now. We constantly get letters from the service providers
    for us to go paperless. Ah no. We even had 1 company tell us they were going to charge us a couple of bucks
    to send our paper bill and take our checks as payment. So I called them and said we have been together for
    many years but I will change providers. That stopped that.
    While no one ever listens to me,
    I am constantly being told to be quiet.

    In a world of snowflakes,
    be the heat..

  3. #3
    Guns Network Lifetime Member #2

    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    8,906
    Quote Originally Posted by l921428x View Post
    Yeah I saw this a couple of days ago. All this plug in and wired up computer system to run everything
    is dangerous. But it is how everything is headed now. We constantly get letters from the service providers
    for us to go paperless. Ah no. We even had 1 company tell us they were going to charge us a couple of bucks
    to send our paper bill and take our checks as payment. So I called them and said we have been together for
    many years but I will change providers. That stopped that.
    Yeah I like paper statements too. Say your bank "loses" all its electronic records of your balances etc... I'm not getting F'ed.

  4. #4
    Team Guns Network Silver 04/2013 alismith's Avatar

    Join Date
    Jul 2010
    Location
    44th "Free" State
    Posts
    19,167
    Quote Originally Posted by 5.56NATO View Post
    They said the malware led to "destructive events" that in turn caused the blackout.
    If confirmed it would be the first known instance of someone using malware to generate a power outage.
    "It's a milestone because we've definitely seen targeted destructive events against energy before - oil firms, for instance - but never the event which causes the blackout," John Hultquist, head of iSIGHT's cyber espionage intelligence practice, told Ars. "It's the major scenario we've all been concerned about for so long." Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by "BlackEnergy," a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable.
    More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems.
    http://www.thebigwobble.org/2016/01/...on-highly.html
    Seems to me, if the head of cyber espionage intelligence practice has been as worried as he claims to have been, he would have set in place measures to protect against such an attack.

    Anything that is computer controlled is vulnerable.
    "Valar morghulis; valar dohaeris."

    Commucrats are most efficient at converting sins and crimes to accidents or misunderstandings.-Oswald Bastable

    Making good people helpless won't make bad people harmless.

    Freedom isn't free.

    "Attitude is the paintbrush that colors our world." TV Series, Haven.

    My Spirit Animal has rabies.

    I'd rather be an American than a Democrat.

    "If you can make a man afraid, you can control him" Netflix Series, The Irregulars

  5. #5
    Senior Member

    Join Date
    Mar 2011
    Location
    harms way
    Posts
    17,777
    Quote Originally Posted by alismith View Post
    Seems to me, if the head of cyber espionage intelligence practice has been as worried as he claims to have been, he would have set in place measures to protect against such an attack.

    Anything that is computer controlled is vulnerable.
    What his company does is offer help in hardening systems. It's up to the utility owners to ante up for his or at least some protection. As you can imagine, the utilities don't want the cost nor the downtime that could come from security upgrades or changes in their operating procedures. I doubt if his company is or could be infected and taken down, but the ISP that provides his net access might be a weak link. The single biggest issue is having the control and communications of embedded systems (here I mean built-in computer chips that monitor and control water, gas, electric utility machines) over the internet; this is the point of entry for most of the bad guys.

    Also, like Stuxnet, the malware will likely be targeting the embedded chips themselves, talking directly to them. As I recall, Stuxnet was placed on the Iranian nuclear enrichment PCs by a USB drive, then the code spread and installed itself via the chip manufacturer's embedded OS upgrade path into the embedded controller chips in the centrifuges, and caused them to go insane and ruin the centrifuges.

    Another case in point, I read of a Russian attack where they didn't target the OS or app, they tried to communicate with and control the chip in networking cards.
    Last edited by 5.56NATO; 01-09-2016 at 01:33 PM.
    "And how we burned in the camps later thinking, what would things have been like, if every security operative, when he went out at night to make an arrest, had been uncertain, whether he would return alive and had to say good-bye to his family?"
