CrashOverride Malware: U.S. Dept. of Homeland Security Warning to Electric Utilities
The U.S. Department of Homeland Security today issued a CrashOverride malware warning to electric utilities and power grid operators.
The warning, from the Computer Emergency Readiness Team’s (CERT’s) National Cybersecurity and Communications Integration Center (NCCIC), mentions public reports from ESET and Dragos that outline “a new highly capable Industrial Controls Systems (ICS) attack platform that was reportedly used in 2016 against critical infrastructure in Ukraine.”
CrashOverride: Potential Risks to Utilities
First, the good news: There is no evidence to suggest this malware has affected U.S. critical infrastructure, the CERT warning says.
However, the tactics, techniques, and procedures (TTPs) described as part of the CrashOverride malware could be modified to target U.S. critical information networks and systems, the warnings adds. Attacks associated with CrashOverride could degrade the U.S. grid’s reliability; cut off communications with field equipment; trigger Denial of Service (DoS) attacks; and render some Windows systems inert — requiring a rebuild or backup restore, the CERT alert said.
The CERT warning also describes how utilities can take a proactive stance against CrashOverride, including techniques for detection and potential mitigation of the malware.
CrashOverride and MSSPs
Some MSSPs, including N-Dimension Solutions, specifically support electric utilities and mitigate threats against smart power networks.
Among N-Dimension’s recent wins: Sulphur Spring Valley Electric Cooperative (SSVEC) leverages N-Dimension’s N-Sentinel Monitoring to protect its SCADA network and corporate network from cybersecurity threats.
MSSP Alert is checking in with N-Dimension to see if or how the MSSP is communicating with utilities about CrashOverride.