While 2015 was rife with news of hackers stealing data from governments, health insurers and adultery sites, it looks like targeting our energy infrastructure might be the next big thing in cyberattacks.
Three regional power authorities in Ukraine were infected with malware last week, leading to a blackout across hundreds of thousands of homes in the Ivano-Frankivsk region.
Ukrainian news service TSN reported that the outage was the result of malware that disconnected electrical substations. Researchers from security firm iSIGHT Partners, who said that they had obtained samples of the malicious code, echoed the report.
If those findings are true, it would be the first-ever case of malware taking down a power grid.
John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars Technica:
It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout. It’s the major scenario we’ve all been concerned about for so long.
Security software developer ESET noted on its blog that a trojan from the BlackEnergy malware family — which was first discovered in 2007 — might have been used to inject malicious code into the Ukrainian power authorities’ systems. The latest version of the tool has been found to include a secure shell (SSH) utility that can grant access to affected users’ systems.
ESET also reports that the Ukrainian power grid systems were infected using macro functions embedded in Microsoft Office documents.
Given our ever-increasing reliance on electronic devices, the ability to shut down power grids could be the ultimate tool for hackers to get their way.
In 2014, the hacker group behind BlackEnergy attacked numerous targets including the North Atlantic Treaty Organization (NATO), as well as Ukrainian and Polish government agencies. Although iSIGHT believes the group has ties to Russia, it isn’t clear exactly where it is based and what its aims are.
➤ First known hacker-caused power outage signals troubling escalation [Ars Technica]