Skip to main content

Malware Can Take Down Electric Power Grids | Hack That


Last December, a cyber attack on Ukrainian Electric power grid caused the power outage in the northern part of Kiev — the country's capital — and surrounding areas, causing a blackout for tens of thousands of citizens for an hour and fifteen minutes around midnight.

Now, security researchers have discovered the culprit behind those cyber attacks on the Ukrainian industrial control systems.

Slovakia-based security software maker ESET and US critical infrastructure security firm Dragos Inc. say they have discovered a new dangerous piece of malware in the wild that targets critical industrial control systems and is capable of causing blackouts.

Dubbed "Industroyer" or "CrashOverRide," the grid-sabotaging malware was likely to be used in the December 2016 cyber attack against Ukrainian electric utility Ukrenergo, which the security firms say represents a dangerous advancement in critical infrastructure hacking.

According to the researchers, CrashOverRide is the biggest threat designed to disrupt industrial control systems, after Stuxnet — the first malware allegedly developed by the US and Israel to sabotage the Iranian nuclear facilities in 2009.

This Malware Does Not Exploit Any Software Flaw


  

Unlike Stuxnet worm, the CrashOverRide malware does not exploit any "zero-day" software vulnerabilities to do its malicious activities; instead, it relies on four industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems.

The CrashOverRide malware can control electricity substation' switches and circuit breakers, designed decades ago, allowing an attacker to simply turning off power distribution, cascading failures and causing more severe damage to equipment.

Industroyer malware is a backdoor that first installs four payload components to take control of switches and circuit breakers; and then connects to a remote command-and-control server to receive commands from the attackers.
"Industroyer payloads show the authors' in-depth knowledge and understanding of industrial control systems." ESET researchers explain.

"The malware contains a few more features that are designed to enable it to remain under the radar, to ensure the malware's persistence, and to wipe all traces of itself after it has done its job."

Since there have been four malware discovered in the wild to date that target industrial control systems, including Stuxnet, Havex, BlackEnergy, and CrashOverRide; Stuxnet and CrashOverRide were designed only for sabotage, while BlackEnergy and Havex were meant for conducting espionage.

"The functionality in the CRASHOVERRIDE framework serves no espionage purpose and the only real feature of the malware is for attacks which would lead to electric outages," reads Dragos analysis [PDF] of the malware.



Malware Can Cause Wider and Longer-Lasting Blackouts

 

 The analysis of the malware suggests CrashOverRide could cause power outages far more widespread, sophisticated and longer lasting than the one Ukraine suffered last December.

Dragos CEO Robert M. Lee said the CrashOverRide malware is capable of causing power outages that can last up to a few days in portions of a country's electric grid, but it is not capable enough to bring down the entire grid of a nation.

 

The malware includes interchangeable, plug-in components that could allow CrashOverRide to be altered to different electric power utilities or even launched simultaneous attacks on multiple targets.


"CrashOverRide is not unique to any particular vendor or configuration and instead leverages knowledge of grid operations and network communications to cause impact; in that way, it can be immediately re-purposed in Europe and portions of the Middle East and Asia," Dragos' paper reads. 
"CrashOverRide is extensible and with a small amount of tailoring such as the inclusion of a DNP3 [Distributed Network Protocol 3] protocol stack would also be effective in the North American grid."

According to the researchers, the malware can be modified to target other types of critical infrastructure, like transportation, gas lines, or water facilities, as well with additional protocol modules.

The security firms have already alerted government authorities and power grid companies about the dangerous threat, along with some advises that could help them to defend against this threat.

The security firms already argued that the 2016 power outage was likely caused by the same group of hackers who caused 2015 blackout — Sandworm, a state-sponsored hacking group believed to be from Russia.

Dragos tracked the perpetrators behind CrashOverRide as Electrum and assessed "with high confidence through confidential sources that Electrum has direct ties to the Sandworm team."

The security firms have already alerted government authorities and power grid companies about the dangerous threat, along with some advises that could help them to defend against this threat.

thanks to thehackernews.com
Labels:

Comments

Post a Comment

Popular posts from this blog

TCP Flood & IP Spoofing Tutorial - Hping3 (With Effective Tricks)

hping is a command-line oriented TCP/IP packet assembler/analyzer. Using hping3 you are able to perform at least the following stuff: Test firewall rules Testing Network performance using different protocols, packet size, TOS (type of service) and fragmentation Remote OS fingerprinting. TCP/IP stack auditing Today, we will use hping3 for testing network performance. In other words we will use it to do DDOS Attack Tests. We can start “Help Document” by typing “hping3 --help” on the command line. Hping3 Important Parameters :  The flood parameter : Activates the fastest packet sending mode The destport(p) parameter : Specifies the destination port The spoof(a) parameter : Specifies which IP Adress is to be spoofed The rand-source parameter : Activates the random source address mode Although the above parameters are important, it should be selected which flag is set to determine the main attack type.  Main Attack Types :  The syn(S) param...
Post a Comment
Read more

Increase computer performance by hidden REGISTRY HACK

Having a computer whatever it’s desktop or laptop we play games of do something crazy. We wants to make our computer faster and improve its performance. There’s a lot of video on youtube but this video is quite different. If you are looking for a cool way to improve computer performance this is the perfect video for you. In this video you are going to learn a cool registry hack. Don’t worry it’s legal. Let’s do it. First go to “RUN” and then type “regedit” Then follow my steps. Before doing this I’m recommending   you to clean up your registry errors. I personally use Ccleaner to do this. After all just restart your computer and watch the different. It will optimize your computer speed and you will get a cool gaming experience. I promise you this video will change your experience. You don’t need any extra software like Advanced System Care to Tune Up utilities. This is a hidden Microsoft secret that most of hackers use. Go crazy and enjoy it. Thanks for watching a...
Post a Comment
Read more

Dos&DDos Attacks - Zombie - Botnets

Hi all, today i am going to write about Dos & DDos Attacks. Cyber security is based on three components. These are Confidentiality, Integrity and Accessibility(CIA). This type of attack is in the class of accessibility component. The level of danger of Dos&DDos attacks is lower than the other attack types because there is no possibility of an attacker to infiltrate the system in this attack type.   There are some things that need to be known before they go to Dos & DDos attacks. If the incoming DDos attack is bigger than the bandwidth you have, there is nothing you can do. If you want to protect yourself in this case, you need to get support from your ISP. The majority of Dos & DDos attacks are not bandwidth attacks. You can not always out of service the victim. Sometimes you just slow it down. Dos Attacks(Denial of Service) Dos attacks are the type of attack to make systems unserviceable. Attackers perform Dos attacks ...
Post a Comment
Read more