Malware Threatens Power Grids

By John Lister

Russian-backed hackers appear to have the ability to remotely shut down power stations, researchers claim. However, the cyber weapon appears to have been successfully deployed only once so far.

Two companies, Dragos Inc and ESET, have revealed their analysis of malware that was used in an attack on a transmission station in Kiev, the Ukrainian capital, last December. The outage lasted for an hour and blacked out buildings that normally use 20 percent of the city's electricity. (Source: washingtonpost.com)

Malware Easily Customized

The researchers say the malware, which they've dubbed Crash Override, was specifically created to attack power stations. It's reminiscent of Stuxnet, a US and Israeli cyber weapon created to compromise Iran's nuclear program.

While the Kiev attack was relatively minor in scope and effect, the researchers believe Crash Override could easily be adapted to attack other facilities. What makes it particularly concerning is that much of the code used appears not to have been specific to the Kiev facility. Instead, it appears to give the creators the ability to plug in 'instructions' that customize the attack to a particular power station.

The code also suggests a different style of attack from previous attempts to hit infrastructure. In those attempts, the hackers used the code to gain access to the systems and then, successfully or otherwise, attempted to switch equipment off manually.

Attacks Could Be Coordinated

By contrast, Crash Override's code can automatically gain access and issue the shutdown commands, effectively by inserting them directly into the list of procedures that the systems follow. This suggests it would be much easier to run such an attack on a massive scale, simultaneously going after multiple sites without needing large numbers of people operating the attack.

It could also be possible to program the shutdown to take place at a particular time, even if the system wasn't connected to the Internet at that point.

The researchers noted that in theory the code might also allow the attackers to intentionally overload power grid components while disabling safety measures such as circuit breakers, thus causing physical damage rather than simply switching equipment off. However, the researchers were much less certain about this element than about the rest of their findings. (Source: wired.com)

What's Your Opinion?

Should governments do more to increase cyber defenses for infrastructure such as power networks? Did the US give up the moral high ground by working on the Stuxnet program? Does the international community need to develop guidelines and "rules of play" for cyber attacks similar to the conventions that exist on physical military conflict?


Comments

Dennis Faas:

I find it hard to believe that there would be a great number of similarities in all the power plants spanning the entire globe that would see malware able to zip in and out and cause havoc on multiple sites in multiple countries. I think the majority of the systems are customized for each power grid and therefore one set of 'kill switch' instructions isn't going to work on another power plant, or at least very few.

That said, this type of attack seems to be gaining momentum and I would not be surprised if one day cyber criminals demand ransom to unlock power grids - similar to how the WannaCry ransomware is attacking Windows machines, encrypting files, and demanding ransom. Surely these attacks won't be for giggles - there will be money to be made, whether it's in damage costs, downtime, or ransom.

ecash:

I'm sorry, when I read this a few days ago, I posted my opinion of LAZINESS and Corps trying to cut corners...
NO admin/sysop monitoring the systems??
Fully Automated??
No man in the middle?
Direct remote access to a critical system and controls??

Sony had a chance and missed it..
They didn't LET the company update the server for years..
They didn't let the company RE-config the setups..

Then a person Got into it, and downloaded 8 terabytes of data??
WHICH should have taken Days to weeks, even a MONTH to do..

I'm old school, and anyone sitting on my server LONG periods I WILL CHECK ON..
With Current tech, I would install a BOT that tracks and verifies the Computer on the OTHER END.. Even a Verification CODE ONLY connection..

AUGMENT the display so that you are REQUIRED to have a mod in the browser, or a Custom browser to even SEE THE DATA..

Hidden DIR that you MANUALLY have to know Where they are, and TYPE the directory or you will NEVER find it..

ONLY TXT data used...NO executable CODE in Mail or INSERTED..

I'm sorry, but there was/is a TON of things that could/should have been done..

The only thing I see in THIS is a warning of Corp attitude saying we are going to have an Internet war..not bots/virus/malware..it's the INTERNET.. Any company that knows BETTER would use a direct line connection and FORGET the internet.. it's to SCARE US and WARN us.. Must remember WHO created Stuxnet..

jcgrande:

If you create something like Stuxnet to attack someone, you had better damn well be prepared to defend yourself BEFORE you think of attacking someone. Make sure your own house is in order, so don't be surprised if it's turned against you.

Kalisun:

This is very interesting indeed. In the book, he talks about how it is a possibility of America's power grids going down. Now, it's not "If" but "When".

ecash:

It's just that I would call it incompetence..
Letting Major infrastructure be accessed by the internet is FOOLISH..
You need a person AT the site to At least monitor what's happening..and Manual overrides on everything..
Or a person in the middle..That NO data is installed Unless a person MANUALLY takes it off 1 machine, Scans it, then installs it..
The Only thing an outside person could do is a DDOS..which ISN'T HARD..but there are ways to Stop/divert that..That's hardware and External..

I don't LIKE fully automated Things..
Like Cars that Brake for you..Or can DRIVE for you..
YOU WON'T sit there and watch the road ahead, you will find something else to do..
THEN who is at fault in an accident?

I have seen a person BUY a new Toyota, Fill it with his family and drive it for 5 years, Without changing any Fluids, oils, Anything, over 50k on it..and it DIED..he didn't know HOW to take care of the car..and NO ONE told him..