Infrastructure threatsStuxnet, the sequel: Dangerous malware aims to disrupt industrial control systems
A cybersecurity firm has identified a new, dangerous malware, dubbed Industroyer, capable of performing an attack on power supply infrastructure. The malware was likely involved in the December 2016 cyberattack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for over an hour. is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.
ESET researchers have been analyzing samples of dangerous malware (detected by ESET as Win32/Industroyer, and named “Industroyer”) capable of performing an attack on power supply infrastructure. The malware was likely involved in the December 2016 cyberattack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for over an hour.
“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” warns ESET Senior Malware Researcher Anton Cherepanov.
ESET researchers discovered that Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.
“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” concludes Cherepanov.
Additional technical details on the malware and analysis can be found in an article and in a white paper on ESET’s blog, WeLiveSecurity.com.
Cybersecurity experts from Imperva and Tripwire commented on the threat:
Terry Ray, chief product strategist for Imperva said:
We are beginning to see an uptick in infrastructure attacks, and in the case of Industroyer, the attackers seem to have extensive knowledge about industrial control protocols. Since the industrial controls used in the Ukraine are the same in other parts of Europe, the Middle East and Asia, we could see more of these attacks in the future. And while these attackers seem to be content to disrupt the system, it’s not outside the realm of possibility that they could take things a step further and inflict damage to the systems themselves.
While ICS are used heavily in energy and water, both certainly critical infrastructure, it is also used in large scale automation, which can include, manufacturing, shipping, aerospace and other industries that should also take note of such exploits.
