A long-feared event became a reality this past week when it was confirmed that hackers were behind the failure of a Ukrainian power grid. Destructive malware attacked at least three power authorities in the region, leaving hundreds of thousands of people without power. Apparently the malware had disconnected electrical substations. This is the very first time that hacking has been confirmed to have caused a power outage.
It has long been a concern that hackers could eventually target utilities and other public services. Normally hacking has been restricted to individual computers and websites; however, it has now spread into other means that can affect innocent bystanders and the general public. There are also concerns over how this could be used by terrorists such as ISIS.
According to the Ars Technica blog post, ESET security researchers discovered that the Ukrainian power stations were infected with a version of the “BlackEnergy” malware, which has been around since 2007 and has since been updated a couple of times – most recently to add functionality to access industrial computer infrastructure and control systems.
The BlackEnergy malware had, until now, been used only to spy on news organizations, power plants, and other industrial groups. ESET did not go so far as to say that the malware itself was responsible for the power outage. What they did say in their blog post was that the malware would give hackers backdoor remote access, and that the hackers could then enter the system and shut it down manually. The BlackEnergy KillDisk feature, which is disk-destructive, could then make recovery that much more difficult.
The Sandworm gang, the group behind the BlackEnergy malware, has been slowly ramping up its features. Recently the malware had been used to infiltrate a Ukrainian news organization, leading to the permanent loss of documents and video. The version that hit the power companies was similar, but had a much narrower target of destruction. It seemed to be made just to disable the power grid.
Although the Sandworm gang is known to have some ties to Russia, it is not known if this attack was based in Russia.
It will be interesting to see where the global security community takes this. Terrorists are increasingly taking to the computer and hacking as tools of terrorism, and the implications could be very bad. Although this was only a power outage, and although it appears to be Russian security targeting Ukraine, it’s not too early to speculate whether this is the first step in a new direction that warfare and terrorism will take. With recent stories on how hacking planes could be possible and how even cars could be hacked, it’s essential that companies and industries put security first and foremost.
Even private individuals should be aware that hacking and malware have been on the rise, and protecting yourself with anti-malware software is of the utmost importance. Enabling two-factor authentication for accounts and using password managers to ensure your passwords are unique and complex are also great ways to ensure your online safety.