At midnight, a week before last Christmas, hackers struck an electric transmission station north of the city of Kiev, blacking out a portion of the Ukrainian capital equivalent to a fifth of its total power capacity. The outage lasted about an hour, hardly a catastrophe. But now cybersecurity researchers have found disturbing evidence that the blackout may have only been a dry run. The hackers appear to have been testing the most evolved specimen of grid-sabotaging malware ever observed in the wild.

Cybersecurity firms ESET and Dragos Inc. plan today to release detailed analyses of a piece of malware used to attack the Ukrainian electric utility Ukrenergo seven months ago, what they say represents a dangerous advancement in critical infrastructure hacking. The researchers describe that malware, which they’ve alternately named “Industroyer” or “Crash Override,” as only the second-ever known case of malicious code purpose-built to disrupt physical systems. The first, Stuxnet, was used by the US and Israel to destroy centrifuges in an Iranian nuclear enrichment facility in 2009.

The researchers say this new malware can automate mass power outages, like the one in Ukraine’s capital, and includes swappable, plug-in components that could allow it to be adapted to different electric utilities, easily reused, or even launched simultaneously across multiple targets. They argue that those features suggest Crash Override could inflict outages far more widespread and longer lasting than the Kiev blackout.

Another disturbing but less understood feature of the program, according to ESET, suggests an extra capability that hackers could potentially use to cause physical damage to power equipment. ESET's researchers say one aspect of the malware exploits a known vulnerability in a piece of Siemens equipment known as a Siprotec digital relay. The Siprotec device gauges the charge of grid components, sends that information back to its operators, and automatically opens circuit breakers if it detects dangerous power levels. But by sending that Siemens device a carefully crafted chunk of data, the malware could disable it, leaving it offline until it's manually rebooted. (Dragos, for its part, couldn't independently confirm that the Siemens attack was included in the malware sample they analyzed. A Siemens spokesperson points to a firmware update the company released for its vulnerable Siprotec devices in July of 2015, and suggests that owners of the digital relays patch them if they haven't already.)

That attack might be intended to merely cut off access to circuit breakers after the malware opens them, preventing the operators from easily turning the power back on, says Mike Assante, a power grid security expert and instructor at the SANS Institute. But Assante, who in 2007 led a team of researchers that showed how a massive diesel generator could be physically and permanently broken with only digital commands, says the Siprotec attack might also have a more destructive function.