Crash Override, Industroyer Malware Threaten Power Grids, Electric Utilities
Electric companies, power providers and utilities are striving to protect themselves from newly discussed malware called Crash Override (aka Industroyer). The malware, allegedly involving Electrum hacker group. was likely used in a December 2016 attack that triggered power outages in Ukraine, according to ESET and Dragos.
Updated 10:00 p.m. ET June 12, 2017: U.S. Department of Homeland Security’s CrashOverride Warning and Recommendations.
According to a Dragos report released today:
“CRASHOVERRIDE is a malware framework that has not been disclosed before today but is the capability used in the cyber-attack on the Ukraine electric grid in 2016 (not the 2015 attack). Dragos can also confirm that we are tracking the adversary group behind the attack as ELECTRUM and can assess with high confidence the group has direct ties to the Sandworm Team which targeted infrastructure companies in the United States and Europe in 2014 and Ukraine electric utilities in 2015.”
The industry report contains everything that defenders need to analyze the threat, defend their systems, and understand the potential impact, Dragos asserted.
ESET: Industroyer Threat Is Huge
In a similar statement today, ESET researchers say they have been analyzing samples of dangerous malware (detected by ESET as Win32/Industroyer, and named “Industroyer”) capable of performing an attack on power supply infrastructure. The malware, ESET says, was likely involved in the December 2016 cyberattack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for over an hour.
According to ESET, Industroyer is:
“capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.
Industroyer is the most dangerous malware threat to industrial control systems since the alleged Stuxnet attacks on Iran’s nuclear program, ESET claims.
Security companies such as Kaspersky Lab have warned for more than a decade that mission critical infrastructure — power plants, transportation systems and communication systems — are obvious, poorly secured targets for modern day cyberhackers.
The movie Zero Days discusses infrastructure security and Stuxnet — allegedly developed by the United States — in great detail.