An article posted by the Ukrainian news service TSN reported that massive outages suffered in the country were caused by highly destructive malware that infected at least three regional power authorities in Ukraine. The site reported that the only way to restore power was to return to manual methods, something that may be hard to do in other nations (including the U.S.).
Ars Technica's reporting included information sourced from the highly regarded John Hultquist of iSIGHT Partners. Their reporting ("First known hacker-caused power outage signals troubling escalation") includes:
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”
Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by “BlackEnergy,” a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable. More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems. The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.
Opinion: This type of attack has been predicted for years and is the type of scenario that prompted scores of planning events and policy initiatives in the U.S., including the Clinton-era President’s Commission on Critical Infrastructure Protection, which gave rise to new constructs for helping the nation’s privately run infrastructures better think through ways to protect themselves and share information. Even so, until now, some felt it was very unlikely that a cyber attack against a power grid could actually bring down the grid.
Although intelligence professionals have gone on the record saying that our grids are being probed and that there are indications that some foreign states have placed logic bombs in portions of the grid, those types of warnings are not widely read and seem to be easily forgotten. The fact that a major attack has caused an outage like this should be considered in this context. This type of attack is a real scenario and the threat of it must be mitigated.
What should you do about this? Number one: Stay informed! Sign up now for our daily Threat Brief and stay on top of this topic. More action will be required of course to really mitigate this threat, but you can help contribute solutions if you know the threat and this daily report is a great way to do that.