Reuters: Security Firms Warn of New Cyber Threat to Electric Grid

Cybersecurity experts have identified a new form of malicious software that could disrupt large power systems. The malware was used to cut power in Ukraine in December 2016. Dragos has sent an alert to governments and utilities with recommendations on avoiding the malware, reports Jim Finkle for Reuters, adding “Crash Override can be detected if a utility specifically monitors its network for abnormal traffic, including signs that the malware is searching for the location of substations or sending messages to switch breakers, according to Lee, a former U.S. Air Force warfare operations officer.” Stuxnet is a similar virus that many assume was used by the United States and Israel to shut down Iran's nuclear program.” – YaleGlobal

Reuters: Security Firms Warn of New Cyber Threat to Electric Grid

Cybersecurity experts send out alert on new malware that targets industrial computers and could disrupt large power systems
Jim Finkle
Monday, July 10, 2017

Two cyber security companies said they have uncovered a sophisticated piece of malicious software capable of causing power outages by ordering industrial computers to shut down electricity transmission.

Analysis of the malware, known as Crash Override or Industroyer, indicates it was likely used in a December 2016 cyber attack that cut power in Ukraine, according to the firms, Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos Inc.

The discovery may stoke fears about cyber vulnerabilities in power grids that have intensified in the wake of the December Ukraine attack, and one a year earlier that also cut power in that nation.

Ukraine authorities have previously blamed Russia for the attacks on its grid. Moscow has denied responsibility.

Dragos founder Robert M. Lee said the malware is capable of causing outages of up to a few days in portions of a nation’s grid, but is not potent enough to bring down a country’s entire grid.

The firm has alerted government authorities and power companies about the threat, advising them of steps to defend against the threat, Lee said in an interview.

Crash Override can be detected if a utility specifically monitors its network for abnormal traffic, including signs that the malware is searching for the location of substations or sending messages to switch breakers, according to Lee, a former U.S. Air Force warfare operations officer.

The sample of Crash Override that was analyzed by Dragos is capable of attacking power operators across Europe, according to Lee.

“With small modifications, it could be leveraged against the United States,” he said.

Reuters reviewed an ESET technical analysis of the malware provided by the security firm, which they planned to release publicly on Monday. An ESET spokeswoman said the firm’s researchers were not available for comment ahead of its release.

ESET said in its report that it believed the malware was “very probably” used in the 2016 attack in Ukraine, noting it has an activation time stamp of Dec. 17, the day of the outage.

Crash Override is the second piece of malware discovered to date that is capable of disrupting industrial processes, according to Lee.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

Malware has been used in other attacks on industrial targets, including the 2015 Ukraine power outage, but in those cases human intervention was required to interfere with operations, Lee said.

© 2017 Reuters. All rights Reserved.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.