Not too long ago, ransomware crippled computer systems around the world. The virus, dubbed ‘WannaCry’, left hospitals, businesses, police stations, and some sectors of government at a standstill. However, that attack is nothing compared to what could happen in the event of an ‘Industroyer’ attack.
Not too long ago, the news surrounding the Ukraine crisis dominated headlines globally. During that time, two events sparked intrigue among many investigators of the crisis: the blackouts of 2015 and 2016. Six months into the aftermath of the Ukraine crisis, researchers are investigating the blackout that struck Ukraine in 2016, and their account of what it could mean for the rest of the world is daunting.
The researchers claim that the malware used to cause the Ukraine blackout, dubbed “Industroyer” and “Crash Override,” could ‘easily’ be converted for use in other nations.
The cyberattack was analyzed by researchers from Slovakia’s ESET and the United States’ Dragos, who claim that the malware is only the second known case of a virus built and released specifically to disrupt industrial control systems. The first was Stuxnet, which disrupted the Iranian nuclear program.
The virus attacks electricity substations and circuit breakers using industrial communication protocols that are standardized across many types of critical infrastructure, from power, water and gas supply to transportation control.
The bad news is that those communication protocols date back decades, long before security practices such as encryption and authentication were standardized. The only real protection these stations have is that they are not directly connected to the internet.
According to ESET, this is what makes Industroyer so deadly: “The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world,” says Anton Cherepanov, a senior malware researcher at the firm. “Thus, their communication protocols were not designed with security in mind. That means that the attackers didn’t need to be looking for protocol vulnerabilities; all they needed was to teach the malware ‘to speak’ those protocols.”
The lack of security could allow the virus to attack multiple types of critical infrastructure with only minor changes. “Attackers could adapt the malware to any environment,” says Cherepanov, “which makes it extremely dangerous.”
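Because the protocols described above carry no authentication, one of the few defensive controls left is to watch the substation network for control-direction commands that do not originate from the legitimate SCADA master. The monitor below is an added illustration, not code from the article or from ESET or Dragos; it assumes the protocol is IEC 60870-5-104 (the article names no protocol), and the frames and master address are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional
# ASDU type IDs in the control direction: single/double/regulating-step and
# set-point commands (45-51) and their time-tagged forms (58-64).
CONTROL_TYPE_IDS = set(range(45, 52)) | set(range(58, 65))
COT_ACTIVATION, COT_DEACTIVATION = 6, 8   # causes that carry a new command

@dataclass
class Asdu:
    type_id: int
    cot: int
    common_addr: int
    ioa: int

def parse_apdu(data: bytes) -> Optional[Asdu]:
    """Parse one IEC 104 APDU; return None for S/U-format frames (no ASDU)."""
    if len(data) < 6 or data[0] != 0x68 or data[1] != len(data) - 2:
        raise ValueError("malformed APCI")
    if data[2] & 0x01:                    # S- or U-format control field
        return None
    asdu = data[6:]
    if len(asdu) < 9:
        raise ValueError("ASDU too short for type/VSQ/COT/CA/IOA")
    return Asdu(type_id=asdu[0],
                cot=asdu[2] & 0x3F,       # low 6 bits = cause of transmission
                common_addr=int.from_bytes(asdu[4:6], "little"),
                ioa=int.from_bytes(asdu[6:9], "little"))

def check_command(src_ip: str, data: bytes, allowed_masters: set) -> Optional[str]:
    """Alert when a control command is sent by a host other than the known master."""
    asdu = parse_apdu(data)
    if asdu is None or asdu.type_id not in CONTROL_TYPE_IDS:
        return None
    if asdu.cot not in (COT_ACTIVATION, COT_DEACTIVATION):
        return None                       # confirmations/terminations, not a new command
    if src_ip in allowed_masters:
        return None
    return (f"ALERT: control command type {asdu.type_id} (COT {asdu.cot}) to "
            f"CA {asdu.common_addr} IOA {asdu.ioa} from unexpected host {src_ip}")

# Constructed sample frames, not captured traffic.
# I-format, C_SC_NA_1 (type 45), COT activation, CA=1, IOA=1, SCO=execute/on.
SINGLE_COMMAND = bytes.fromhex("680e000000002d010600010001000001")
S_FRAME = bytes.fromhex("680401000000")   # S-format acknowledgement, no ASDU
ALLOWED_MASTERS = {"10.0.0.5"}            # assumed address of the legitimate master

if __name__ == "__main__":
    for src in ("10.0.0.5", "10.0.0.77"):
        print(src, check_command(src, SINGLE_COMMAND, ALLOWED_MASTERS))
```

The same command from an unlisted host raises an alert, while monitoring-direction frames (e.g. type 1, M_SP_NA_1) and bare acknowledgements pass silently, so the check adds no noise to normal polling traffic.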
Andrew Clarke, of security firm One Identity, said: “This is as scary as it sounds. First, it’s very difficult to detect because it uses known and allowable code yet in nefarious modes. In addition, we’re not talking about stealing some incriminating photos from some celebrity’s cloud storage location. This is controlling the power grid. It means that hospitals could lose power mid-surgery. Or traffic lights cut out causing accidents.”
The possibility of a ‘grid-down’ situation in America is often theorized, and an Industroyer attack released on American soil could cripple our infrastructure. To make matters worse, the virus damages the PC itself, rendering it unbootable and potentially prolonging any resulting blackout.
The good news is that, according to the Department of Homeland Security, there is no indication that Industroyer has infected US critical infrastructure.
Whether by virus, solar flare, nuclear warhead, or the government itself, the possibility of a grid-down situation remains relevant because government and industry leaders refuse to update security protocols.