Industroyer: Biggest threat to industrial control systems since Stuxnet

Discussion in 'other security issues & news' started by FanJ, Jun 12, 2017.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    Eset blog "Industroyer: Biggest threat to industrial control systems since Stuxnet"
    https://www.welivesecurity.com/2017...eat-industrial-control-systems-since-stuxnet/

     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,552
    Location:
    DC Metro Area
    "Russia has developed a cyberweapon that can disrupt power grids, according to new research

    Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.

    The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system — in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev..."

    https://www.washingtonpost.com/world/national-security/russia-has-developed-a-cyber-weapon-that-can-disrupt-power-grids-according-to-new-research/2017/06/11/b91b773e-4eed-11e7-91eb-9611861a988f_story.html?hpid=hp_rhp-top-table-main_russiascyber-810a:homepage/story

    "...with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report on Monday..."

    https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    Maybe the thread title is a bit too much "sensational", I know, but it is the title of that Eset blog.
     
    Last edited: Jun 12, 2017
  4. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
  5. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    Hawki,
    Thanks for that article in The Washington Post.
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,330
    Location:
    U.S.A. (South)
    Good informative read on industrial systems controls and makes perfect sense in that another set of protocols (in this case machine industrial) can be used to map out systems for windows-style infiltrations.

    This is not only possible but can be expected anymore if not tightly wound in some closed loop circuit with some form of loggings/preventions/mitigations put into place.

    It would appear a good safety procedure also to have those analog systems kept up in event of such a disruption.

    Anymore on this? Thanks
     
    Last edited: Jun 12, 2017
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    I'd be suprised if any government is still using Windows for anything 5 years from now.
     
  8. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
  9. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
  10. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    For the Dutch readers: there is today an article at security.nl :
    Experts: Industroyer-malware niet te vergelijken met Stuxnet
    https://www.security.nl/posting/519213/Experts: Industroyer-malware niet te vergelijken met Stuxnet

    ==========
    ==========

    It is that Dutch article where I found this English article at Motherboard/Vice :
    The Malware Used Against The Ukrainian Power Grid Is More Dangerous Than Anyone Thought
    https://motherboard.vice.com/en_us/article/ukraine-power-grid-malware-crashoverride-industroyer

    Interesting article there! They had contact with Robert M. Lee, co-founder of Dragos. Dragos and Eset looked both at it.
    Dragos calls it CrashOverride.
    Eset calls it Industroyer.
     
  11. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,391
    The Internet Of Things (IoT) goes far beyond computers.... so much of our daily life is dependent on the proper functioning of software.

    For a grocery store for example, the shutdown of POS terminals could mean a significant loss of business as well inconvenience to customers, as I've personally witnessed.

    The damage hackers can do is more than just to our software/hardware; it can threaten human existence itself.

    Nowadays - we truly live in an interconnected world far more than we realize. The IoT is already here.
     
  12. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,330
    Location:
    U.S.A. (South)
    True enough, but still IMO while mankind in this now 2000's age is zooming along with all the communication tech full speed ahead, it boils down and things always seem to return right back to square one again at some point as a reminder that we never will be too very far away from the industrial machine age basics.

    They (the machines) just got some dress up better known as computers and either all the hassle or all the convenience that comes along with the territory.

    IoT is that age old common practice of roll 'em out off the assembly line (as fast as you can) to the market consumers and let them deal with the consequences. It all comes back to Quality Control. If something is deemed unsafe (or just plain won't work as expected) it either gets pulled, or just like some manufacturing factories that I worked at before, they might just ignore the problem runs and Ship It! anyway. :eek:

    Obviously consequences of disruption or worse doesn't really matter that much to them until some solid standard is applied to prevent against the misuse of these grown up toys.

    Trouble is, these grown ups toys have been put in charge of too many places of importance that demand responsibility and accountability.
     
  13. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    Forgive me, but could we please leave discussions about The Internet Of Things (IoT) out of this thread.
    We are talking here about Industrial Control Systems (ICS). That is a bit different than the Internet Of Things (IoT). OK, yes, there may be some analogies, but that's it.
    We have other threads to discuss the Internet Of Things (IoT). Thanks!

    BTW: Industrial Control Systems (ICS) operated by telemetry existed long before we ever heard of the expression "Internet Of Things (IoT)".
     
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,378
    Location:
    U.S.A.
    Industry Reactions to 'CrashOverride' Malware: Feedback Friday
    http://www.securityweek.com/industry-reactions-crashoverride-malware-feedback-friday
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,324
    Location:
    Slovenia
    https://www.welivesecurity.com/2017...ew-ics-developed-decades-ago-no-security-mind
     
  16. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    3,891
    Thank you both itman and Minimalist for the links.

    =====

    Some thoughts that crossed my mind.

    There are more aspects to datacommunication in general. Sometimes I wonder why they are not-mentioned/ignored/forgotten. There could be all kind of reasons for that. They don't belong in a specific article, they are outside the interest of the authors, etc. etc. There can be all kind of legitimate reasons. Nevertheless in general and in a broader perspective: there are more aspects to datacommunication.

    The Eset article.
    In the title this part "decades ago": yes, I pointed to that too.
    In the title "with no security in mind" and this quote from the article "The biggest problem, however, is that these industrial systems and the communication protocols that they are using – that Industroyer is targeting – are used worldwide and were developed decades ago without security in mind". It depends on how you look at it, in which broader perspective you look at datacommunication, on how much in general you are speaking. But to me it is a bit too much to say that there was no security in mind. In general, in a broader perspective it is not true in all cases.
     
    Last edited: Jun 20, 2017
  17. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,390
    Last edited: Jun 20, 2017
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,324
    Location:
    Slovenia
  19. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    38,081
    New study hints at the potential motives behind the 2016 blackout in Ukraine
    September 14, 2019
    https://www.neowin.net/news/new-stu...-motives-behind-the-2016-blackout-in-ukraine?
    Paper: "CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack"
    (PDF - 977 KB): https://dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.