Cybersecurity Firms Uncover Malware That Could Cause Power Outages Around The Globe | HuffPost

“This could cause wide-scale damage to infrastructure systems that are vital.”

By Jim Finkle— Reuters

June 12 (Reuters) - Two cyber security firms have uncovered malicious software that they believe caused a December 2016 Ukraine power outage, they said on Monday, warning the malware could be easily modified to harm critical infrastructure operations around the globe.

ESET, a Slovakian anti-virus software maker, and Dragos Inc, a U.S. critical-infrastructure security firm, released detailed analyzes of the malware, known as Industroyer or Crash Override, and issued private alerts to governments and infrastructure operators to help them defend against the threat.

The U.S. Department of Homeland Security said it was investigating the malware, though it had seen no evidence to suggest it has infected U.S. critical infrastructure.

The two firms said they did not know who was behind the cyber attack. Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.

Still, the firms warned that there could be more attacks using the same approach, either by the group that built the malware or copycats who modify the malicious software.

“The malware is really easy to re-purpose and use against other targets. That is definitely alarming,” said ESET malware researcher Robert Lipovsky said in a telephone interview. “This could cause wide-scale damage to infrastructure systems that are vital.”

The Department of Homeland Security corroborated that warning, saying it was working to better understand the threat posed by Crash Override.

“The tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems,” the agency said in an alert posted on its website.

Dragos founder Robert M. Lee said the malware was capable of attacking power systems across Europe and could be leveraged against the United States "with small modifications."

aydinmutlu via Getty Images

The alert posted some three dozen technical indicators that a system had been compromised by Crash Override and asked firms to contact the agency if they suspected their systems were compromised by the malware.

Dragos founder Robert M. Lee said the malware was capable of attacking power systems across Europe and could be leveraged against the United States “with small modifications.”

It is able to cause outages of up to a few days in portions of a nation’s grid, but is not potent enough to bring down a country’s entire grid, Lee said by phone.

With modifications, the malware could attack other types of infrastructure including local transportation providers, water and gas providers, Lipovsky said.

Power firms are concerned there will be more attacks, Alan Brill, a leader of Kroll’s cyber security practice, said in a telephone interview.

“You are dealing with very smart people who came up with something and deployed it,” Brill said. “It represents a risk to power distribution organizations everywhere.”

Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

A spokesman for Ukraine’s state cyber police said it was not clear whether the malware was used in the December 2016 attack. Ukraine’s state-run Computer Emergency Response Team did not immediately respond to requests for comment.

The Kremlin and Russia’s Federal Security Service did not reply to requests for comment.

Crash Override can be detected if a utility monitors its network for abnormal traffic, including signs the malware is searching for the location of substations or sending messages to switch breakers, according to Lee, a former U.S. Air Force cyber warfare operations officer.

Malware has been used in other disruptive attacks on industrial targets, including the 2015 Ukraine power outage, but in those cases human intervention was required.

ESET said it had been analyzing the malware for several months and had held off on going public to preserve the integrity of investigations into the power system hack.

ESET last week provided samples with Dragos, which said it was able to confirm the malware was used in the Ukraine grid attack.

Our 2024 Coverage Needs You

As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.

Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.

Contribute as little as $2 to keep our news free for all.

Can't afford to donate? Support HuffPost by creating a free account and log in while you read.

Support HuffPost

Before You Go

The Five Largest Solar Power Plants In The U.S.

The Solar Star Projects -- Antelope Valley, California(01 of05)

This 579-megawatt facility is the world's largest photovoltaic power plant and generates enough electricity to power approximately 255,000 homes. (credit:Courtesy of SunPower)

Topaz Solar Farm -- San Luis Obispo County, California(02 of05)

The 550-megawatt facility, as pictured from space, produces enough electricity to power about 180,000 homes. (credit:NASA Earth Observatory/Flickr)

Desert Sunlight Solar Farm -- Desert Center, California(03 of05)

Photo-voltaic solar cells sit in the sun at the 550-megawatt Desert Sunlight Solar Farm during a dedication ceremony for the facility on Feb. 9 in Desert Center, California. (credit:Marcus Yam via Getty Images)

Copper Mountain Solar Complex -- Boulder City, Nevada(04 of05)

President Barack Obama smiles while speaking at Sempra U.S. Gas & Power's Copper Mountain Solar 1 facility in 2012. The Copper Mountain photovoltaic complex collectively generates 458 megawatts, enough energy to power approximately 142,000 homes. (credit:Ethan Miller via Getty Images)

Ivanpah Solar Electric Generating System -- Mojave Desert, California(05 of05)

Two of the three units at the 392-megawatt Ivanpah Solar Electric Generating System are seen operating in the Mojave Desert in California near Primm, Nevada. The largest solar thermal power-tower system in the world, it uses 347,000 computer-controlled mirrors to focus sunlight onto boilers on top of three 459-foot towers, where water is heated to produce steam to power turbines providing power to more than 140,000 California homes. (credit:Ethan Miller via Getty Images)

Suggest a correction

|

From Our Partner

HuffPost Shopping's
Best Finds

AirPods Are On Sale For The Lowest Price This Year

The 1 Shoe Podiatrists Say You Should Try If You’re On Your Feet A Lot

This Affordable Drugstore Cream Might Be The Closest Thing To The Famous La Mer

These Comfortable Slip-On Shoes Can Really Help Folks With Limited Mobility

Reviewers Are Obsessed With These Comfortable Sneaker Sandals — Here's Why