Industroyer: Biggest threat to industrial control systems since Stuxnet

Discussion in 'other security issues & news' started by FanJ, Jun 12, 2017.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Eset blog "Industroyer: Biggest threat to industrial control systems since Stuxnet"
    https://www.welivesecurity.com/2017...eat-industrial-control-systems-since-stuxnet/

     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Russia has developed a cyberweapon that can disrupt power grids, according to new research

    Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.

    The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system — in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev..."

    https://www.washingtonpost.com/world/national-security/russia-has-developed-a-cyber-weapon-that-can-disrupt-power-grids-according-to-new-research/2017/06/11/b91b773e-4eed-11e7-91eb-9611861a988f_story.html?hpid=hp_rhp-top-table-main_russiascyber-810a:homepage/story

    "...with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report on Monday..."

    https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Maybe the thread title is a bit too much "sensational", I know, but it is the title of that Eset blog.
     
    Last edited: Jun 12, 2017
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Hawki,
    Thanks for that article in The Washington Post.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Good informative read on industrial systems controls and makes perfect sense in that another set of protocols (in this case machine industrial) can be used to map out systems for Windows-style infiltrations.

    This is not only possible but can be expected anymore if not tightly wound in some closed loop circuit with some form of logging/prevention/mitigation put into place.

    It would appear a good safety procedure also to have those analog systems kept up in event of such a disruption.

    Anymore on this? Thanks
     
    Last edited: Jun 12, 2017
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I'd be surprised if any government is still using Windows for anything 5 years from now.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    For the Dutch readers: there is today an article at security.nl :
    Experts: Industroyer-malware niet te vergelijken met Stuxnet
    https://www.security.nl/posting/519213/Experts: Industroyer-malware niet te vergelijken met Stuxnet

    ==========
    ==========

    It is that Dutch article where I found this English article at Motherboard/Vice :
    The Malware Used Against The Ukrainian Power Grid Is More Dangerous Than Anyone Thought
    https://motherboard.vice.com/en_us/article/ukraine-power-grid-malware-crashoverride-industroyer

    Interesting article there! They had contact with Robert M. Lee, co-founder of Dragos. Dragos and Eset both looked at it.
    Dragos calls it CrashOverride.
    Eset calls it Industroyer.
     
  11. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,881
    The Internet Of Things (IoT) goes far beyond computers... so much of our daily life is dependent on the proper functioning of software.

    For a grocery store for example, the shutdown of POS terminals could mean a significant loss of business as well as inconvenience to customers, as I've personally witnessed.

    The damage hackers can do is more than just to our software/hardware; it can threaten human existence itself.

    Nowadays - we truly live in an interconnected world far more than we realize. The IoT is already here.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    True enough, but still IMO while mankind in this now 2000's age is zooming along with all the communication tech full speed ahead, it boils down and things always seem to return right back to square one again at some point as a reminder that we never will be too very far away from the industrial machine age basics.

    They (the machines) just got some dress up better known as computers and either all the hassle or all the convenience that comes along with the territory.

    IoT is that age old common practice of roll 'em out off the assembly line (as fast as you can) to the market consumers and let them deal with the consequences. It all comes back to Quality Control. If something is deemed unsafe (or just plain won't work as expected) it either gets pulled, or just like some manufacturing factories that I worked at before, they might just ignore the problem runs and Ship It! anyway. :eek:

    Obviously consequences of disruption or worse doesn't really matter that much to them until some solid standard is applied to prevent against the misuse of these grown up toys.

    Trouble is, these grown-up toys have been put in charge of too many places of importance that demand responsibility and accountability.
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Forgive me, but could we please leave discussions about The Internet Of Things (IoT) out of this thread.
    We are talking here about Industrial Control Systems (ICS). That is a bit different than the Internet Of Things (IoT). OK, yes, there may be some analogies, but that's it.
    We have other threads to discuss the Internet Of Things (IoT). Thanks!

    BTW: Industrial Control Systems (ICS) operated by telemetry existed long before we ever heard of the expression "Internet Of Things (IoT)".
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Industry Reactions to 'CrashOverride' Malware: Feedback Friday
    http://www.securityweek.com/industry-reactions-crashoverride-malware-feedback-friday
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    https://www.welivesecurity.com/2017...ew-ics-developed-decades-ago-no-security-mind
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    4,653
    Thank you both itman and Minimalist for the links.

    =====

    Some thoughts that crossed my mind.

    There are more aspects to data communication in general. Sometimes I wonder why they are not mentioned/ignored/forgotten. There could be all kinds of reasons for that. They don't belong in a specific article, they are outside the interest of the authors, etc. etc. There can be all kinds of legitimate reasons. Nevertheless in general and in a broader perspective: there are more aspects to data communication.

    The Eset article.
    In the title this part "decades ago": yes, I pointed to that too.
    In the title "with no security in mind" and this quote from the article "The biggest problem, however, is that these industrial systems and the communication protocols that they are using – that Industroyer is targeting – are used worldwide and were developed decades ago without security in mind". It depends on how you look at it, in which broader perspective you look at data communication, on how much in general you are speaking. But to me it is a bit too much to say that there was no security in mind. In general, in a broader perspective it is not true in all cases.
     
    Last edited: Jun 20, 2017
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Last edited: Jun 20, 2017
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
  19. guest

    guest Guest

    New study hints at the potential motives behind the 2016 blackout in Ukraine
    September 14, 2019
    https://www.neowin.net/news/new-stu...-motives-behind-the-2016-blackout-in-ukraine?
    Paper: "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack"
    (PDF - 977 KB): https://dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf
     
  20. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Sandworm hackers fail to take down Ukrainian energy provider
    https://www.bleepingcomputer.com/news/security/sandworm-hackers-fail-to-take-down-ukrainian-energy-provider/

    April 12, 2022

    "The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware."

    ...

    "Researchers at cybersecurity company ESET collaborating with the Ukrainian Computer Emergency Response Team (CERT) to remediate and protect the attacked network say that they do not know how the attacker compromised the environment or how they managed to move from the IT network into the ICS environment."

    ...

    "The ICS malware used in the attack is now tracked as Industroyer2 and ESET assesses "with high confidence" that it was built using the source code of Industroyer used in 2016 to cut the power in Ukraine and attributed to the state-sponsored Russian hacking group Sandworm."

    Russia's Sandworm Hackers Attempted a Third Blackout in Ukraine
    https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/

    Apr 12, 2022

    "The attack was the first in five years to use Sandworm's Industroyer malware, which is designed to automatically trigger power disruptions."


    Ukrainian power grid 'lucky' to withstand Russian cyber-attack
    https://www.bbc.com/news/technology-61085480

    Apr 12, 2022
     
  21. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Industroyer2: Industroyer reloaded
    https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

    12 Apr 2022 - 11:28AM

    "This is a developing story and the blogpost will be updated as new information becomes available."

    "The blogpost presents the analysis of a cyberattack against a Ukrainian energy provider."
     