AskCyberSecurity.com

Lights Out: Public Utilities Infected with Malware

2017-06-15 by Max

In 2016 there was a massive power outage in Ukraine. Officials have now finally determined what caused it: malware. This malware was not part of an extortion scheme like WannaCrypt, but rather an attempt at controlling a country's infrastructure. The malware was found and analyzed by two companies, ESET and Dragos Inc. ESET is a Slovakian anti-virus software maker and Dragos is a US-based infrastructure security firm. The malware program is known as Industroyer or Crash Override. Ukrainian officials have blamed Russia for the attack, but Russia has fervently denied those claims.

ESET released a warning that Crash Override is a program that could easily be repurposed to do more than shut off power lines. Crash Override could infect and disable nuclear power plants as well as gas or water companies. Areas could lose access to their basic infrastructure, and that loss could then be used as leverage in a ransomware attack. The US Department of Homeland Security (DHS) echoed ESET's warning, saying that it has been working to better understand Crash Override so it can protect against it. DHS even warned that the malware could feasibly infect and disable US-based companies and infrastructure.

Dragos, ESET, and DHS have all published warnings on their websites listing several symptoms to look out for in infected systems. They urge anyone suspecting that their systems have been compromised to contact them at once. Dragos founder Robert Lee believes that Crash Override is poised to attack power stations all over Europe, and that these attacks could be used as leverage against the United States. Lee feels that while the malware could disable portions of a power grid for several days, it does not pose a national-level risk. That assessment applies to the unmodified malware, though: a souped-up Industroyer could disable larger portions of the power grid, and for longer.

Industroyer/Crash Override is a rare kind of malware, with only one other program in the same class. That program, Stuxnet, was found in 2010 and is believed to have been developed and used by the United States and Israel against the Iranian nuclear program. What makes these two pieces of malware dangerous is that they work without any need for physical intervention on the hacker's part. Most malware programs that attack a utility require the perpetrator to be physically present at that location, working with valves or dealing with other physical safeties. Industroyer overrides these, allowing someone a thousand miles away to cripple a power plant or substation without ever having to be in the country.

Industroyer is difficult to detect, and spotting it requires constant monitoring of the infected system's network traffic. Abnormal traffic volume or unusual destinations is one indicator of an infection, because the program is trying to find the locations of substations, safeties, and other points where it can wreak havoc. Another indicator is that the program will physically cause switches to flip, as well as flipping breakers and other safety devices, as it tests the limits of its reach. This testing makes Industroyer dangerous even while it is still in the infection stage, which is also the stage where it is most vulnerable to detection.
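The two network indicators the article names, unusual traffic volume and unusual destinations, can be turned into a simple baseline-versus-window check over flow records. The script below is an added example and is not code from the article, ESET, Dragos or DHS. It assumes flow exports (source, destination, destination port, bytes) for two equal-length periods, a quiet baseline and the period under review, and flags hosts whose distinct-destination fan-out or byte volume jumps, or that contact ICS-protocol ports (TCP/102, 502 and 2404 are assumed here as the set of interest) on endpoints they never talked to during the baseline. The flow records and the thresholds are constructed for illustration.

```python
"""Baseline-versus-window detector for abnormal fan-out, new ICS endpoints
and traffic-volume spikes. Added example with constructed flow data; not the
article's, ESET's or Dragos's code."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed set of ICS-relevant TCP ports for this example (IEC 61850 MMS on 102,
# Modbus/TCP on 502, IEC 60870-5-104 on 2404). An operator would substitute
# its own asset and protocol inventory.
ICS_PORTS = {102, 502, 2404}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    nbytes: int


def summarize(flows):
    """Per source host: distinct destinations, ICS endpoints touched, total bytes."""
    dests = defaultdict(set)
    ics_endpoints = defaultdict(set)
    volume = defaultdict(int)
    for f in flows:
        dests[f.src].add(f.dst)
        volume[f.src] += f.nbytes
        if f.dport in ICS_PORTS:
            ics_endpoints[f.src].add((f.dst, f.dport))
    return dests, ics_endpoints, volume


def detect(baseline, window, fanout_factor=3.0, volume_factor=3.0):
    """Compare a review window against the baseline; return {src: [alerts]}."""
    b_dests, b_ics, b_vol = summarize(baseline)
    w_dests, w_ics, w_vol = summarize(window)
    alerts = defaultdict(list)
    for src in sorted(set(b_dests) | set(w_dests)):
        base_fanout = len(b_dests.get(src, ()))
        win_fanout = len(w_dests.get(src, ()))
        # Sudden fan-out: a host reaching far more distinct destinations than
        # it did during the baseline (floor of 5 avoids noise on quiet hosts).
        if win_fanout > max(5, base_fanout * fanout_factor):
            alerts[src].append(f"fanout {base_fanout}->{win_fanout}")
        # ICS endpoints (host, port) the source never contacted before.
        new_ics = w_ics.get(src, set()) - b_ics.get(src, set())
        if new_ics:
            alerts[src].append(f"new ICS endpoints: {len(new_ics)}")
        # Byte-volume spike relative to the same-length baseline period.
        if b_vol.get(src, 0) and w_vol.get(src, 0) > b_vol[src] * volume_factor:
            alerts[src].append("volume spike")
    return dict(alerts)


# Constructed sample data: an HMI (10.1.1.10) that normally polls two RTUs over
# IEC 104, and an engineering workstation (10.1.1.20) that normally only talks
# to a file server and an intranet site.
BASELINE = [
    Flow("10.1.1.10", "10.1.2.1", 2404, 4000),
    Flow("10.1.1.10", "10.1.2.2", 2404, 4200),
    Flow("10.1.1.20", "10.1.1.5", 445, 900),
    Flow("10.1.1.20", "10.1.1.6", 80, 300),
]

# In the review window the workstation suddenly reaches twenty RTU addresses
# on the IEC 104 port it never used before; the HMI is unchanged.
WINDOW = [
    Flow("10.1.1.10", "10.1.2.1", 2404, 4100),
    Flow("10.1.1.10", "10.1.2.2", 2404, 3900),
    Flow("10.1.1.20", "10.1.1.5", 445, 1000),
] + [Flow("10.1.1.20", f"10.1.2.{i}", 2404, 120) for i in range(1, 21)]


def run_example():
    """Run the detector over the constructed data set."""
    return detect(BASELINE, WINDOW)


if __name__ == "__main__":
    for host, reasons in run_example().items():
        print(host, "->", "; ".join(reasons))
```

Only the workstation trips the detector here: its fan-out goes from 2 to 21 destinations and all twenty IEC 104 endpoints are new, while the HMI's steady polling of the same two RTUs stays silent. In a real deployment the baseline should be built per host over several normal days, and the ICS port set and thresholds taken from the site's own asset inventory rather than the assumed values above.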

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.
