June 12, 2017 by Canadian Underwriter
IT security company ESET Canada Inc. reported on Monday that its researchers have been analyzing samples of dangerous malware capable of performing an attack on power supply infrastructure.
The malware, named Industroyer by ESET, was likely involved in the December 2016 cyberattack on Ukraine’s power grid that resulted in power outages for over an hour in the capital of Kiev, the cybersecurity company suggested in a press release. “The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” ESET senior malware researcher Anton Cherepanov said.
According to ESET, Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment, ESET reported.
A blog from Cherepanov on Monday said that what sets Industroyer apart from other malware-targetting infrastructure is its use of four payload components that are designed to gain direct control of switches and circuit breakers at an electricity distribution substation. Each of these components targets particular communication protocols specified in four standards. “Generally, the payloads work in stages whose goals are mapping the network, and then figuring out and issuing commands that will work with the specific industrial control devices,” the blog said. “Industroyer’s payloads show the authors’ deep knowledge and understanding of industrial control systems.”
The blog added that the malware also contains several features that are designed to enable it to remain under the radar, ensure its persistence and to wipe all traces of itself after it has done its job.
“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” Cherepanov concluded.