Potent malware targets electricity systems

June 12, 2017
New malware can take control of electricity substation switches and circuit breakers by accessing their decades-old communication protocols

Hackers have developed powerful malware that can shut down electricity distribution systems and possibly other critical infrastructure, two cyber security firms announced Monday, with one report linking it to Russia.

Slovakia-based ESET said the malware is the most powerful threat to appear since Stuxnet, the hacking tool used to sabotage Iran's nuclear program believed developed by US and Israeli intelligence.

ESET said the malware, which it dubbed Industroyer, may be behind the one-hour shutdown of power to the Ukraine capital Kiev last December.

The company said Industroyer's potent threat is that it works using the communication protocols designed decades ago and built into energy, transportation, water and gas systems around the world.

Making use of these poorly-secured protocols, Industroyer can take direct control of electricity substation switches and circuit breakers, giving hackers the ability to shut down power distribution and damage equipment.

The malware is the "biggest threat to industrial control systems since Stuxnet," ESET said, without indicating who was behind it.

But in a separate report on the same malware Monday, a second cyber security company, Dragos, tied it to a Russian hacker group called Sandworm which has been linked to the Russian government.

Dragos gave its own name to the malware, "CrashOverride," and said it is only the second-ever malware deployed for disrupting physical industrial processes, after Stuxnet.

"CrashOverride is not unique to any particular vendor or configuration, and instead leverages knowledge of grid operations and network communications to cause impact," Dragos said.

"In that way, it can be immediately re-purposed in Europe and portions of the Middle East and Asia."

In addition, it said, the malware could be adapted "with a small amount of tailoring" to render it potent against the North American power grid.

It said that the malware can be applied to work at several electricity substations at the same time, giving it the power to create a widespread power shutdown that could last for hours and potentially days.

Dragos said it had "high confidence" the was behind the outage in Kiev on December 17.

Explore further: Alarm grows over global ransomware attacks

Related Stories

Alarm grows over global ransomware attacks

May 12, 2017

Security experts expressed alarm Friday over a fast-moving wave of cyberattacks around the world that appeared to exploit a flaw exposed in documents leaked from the US National Security Agency.

Bell Canada customers hit by hackers

May 16, 2017

Bell Canada has been hacked and its customers' emails accessed illegally, the telecoms giant said Monday, stressing there was no link to the "WannaCry" malware case.

USB malware goes after air-gapped computers

March 26, 2016

Uh-oh. USB malware trouble again. Earlier this week, iTWire and other sites reported on USB-based malware that steals data. "USB Thief" is also described as Win32/PSW.Stealer.NAI affecting computers.

Recommended for you

Flying Dutch win world solar car race in Australia

October 12, 2017

Dominant Dutch team "Nuon" Thursday won an epic 3,000-kilometre (1,860-mile) solar car race across Australia's outback for the third-straight year in an innovative contest showcasing new vehicle technology.

Engineers identify key to albatross' marathon flight

October 11, 2017

The albatross is one of the most efficient travelers in the animal world. One species, the wandering albatross, can fly nearly 500 miles in a single day, with just an occasional flap of its wings. The birds use their formidable ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.