On Monday, two cyber security companies — Slovakia-based anti-virus software outfit Eset, and American firm Dragos that deals with critical-infrastructure security — claimed to have identified the malware that caused the disturbing power outage.
Known by the names Industroyer and Crashoverride, they warned that it could be repurposed with little effort by other groups intent on causing further havoc around the world targeting not only power supply operations, but also water and gas systems, and transportation networks.
Industroyer is believed to be considerably more advanced than the malware used in another attack on Ukraine’s power grid a year earlier, in December 2015.
Eset said it’s been studying the malware for a number of months and recently shared its data with Dragos, leading it to conclude that it’s same as that used in the Ukraine incident in 2016.
Robert Lee of Dragos suggested this week that the Kiev transmission substation targeted in last year’s incident “may have been more of a proof of concept attack than a full demonstration of the capability in Crashoverride,” though at this stage he said he couldn’t be certain.
Either way, Eset senior malware researcher Anton Cherepanov said the Kiev attack “should serve as a wake-up call for all those responsible for the security of critical systems around the world.”
The researcher described Industroyer as particularly concerning because “it’s capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).”
The work of Eset and Dragos highlights the need for governments around the world to bolster their defenses against highly damaging cyberattacks capable of causing widespread disruption to critical infrastructure. Rather than for monetary gain, such acts of cyberwarfare are often thought to be backed by nation-states as they have the potential to cause chaos within society and reduce a population’s confidence in its own government. It’s not certain who’s behind the Ukraine cyberattacks, though coming during a period of conflict with neighboring Russia has prompted some to suspect it could be the work of hackers based there.
News of the security firms’ discovery led the U.S. Department of Homeland Security to contact all critical infrastructure operators to ensure they are following recommended security procedures, Reuters reported on Monday.
Cherepanov added that hackers “could adapt the malware to any environment, which makes it extremely dangerous.”
