Cyber firms warn of malware that could cause power outages

Staff Writer
Two cyber security firms said they have uncovered malicious software that they believe caused a December 2016 Ukraine power outage, warning that the malware could be easily modified to harm critical infrastructure operations around the globe.

ESET, a Slovakian anti-virus software maker, and Dragos Inc, a U.S. critical-infrastructure security firm, on Monday released detailed analyses of the malware, known as Industroyer or Crash Override.

They said they had also issued private alerts to governments and infrastructure operators in a bid to help them defend against the threat.

They said they did not know who was behind the December Ukraine cyber attack. Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.

Still, the security firms warned there could be more attacks using the same approach, either by the group that built the malware or copycats who modify the malicious software.

"The malware is really easy to re-purpose and use against other targets. That is definitely alarming," said ESET malware researcher Robert Lipovsky. "This could cause wide-scale damage to infrastructure systems that are vital."

Dragos founder Robert M. Lee said the malware is capable of attacking power systems across Europe and could be leveraged against the United States "with small modifications."

It is capable of causing outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid, Lee said.

With modifications, the malware could attack other types of infrastructure including local transportation providers, water and gas providers, Lipovsky said.

Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene after gaining remote access to the infected system.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran's nuclear program.
