Cybersecurity firms are warning that a new malware can be a threat to energy grids around the world. The malware, which has been dubbed both Crash Override and Industroyer, can cause power outages for up to a few days if it manages to infect a nation’s grid. Luckily, the Crash Override malware isn’t capable of leaving entire countries without power.
An analysis has shown that Crash Override was the malware behind the attack in Ukraine last year. In December 2016, cybercriminals managed to strike an electric transmission station near Kiev, Ukraine. The attack left some residents in the capital city without power for an hour. Researchers believe Crash Override is the same malware from 2016 because it had an activation time stamp of December 17th, which was the day of the widespread power outage. Officials in Ukraine and other security experts suspect that Russia backed the attacks on Ukraine’s energy grid, but Russia denies responsibility. The same Russian group that targeted Ukrainian systems in 2016 also tried to manually bring down the grid in 2015. The group, dubbed both Sandworm and Electrum by researchers, also targeted American industrial control systems in 2014.
The Crash Override malware can be detected if companies monitor the traffic on their networks. Network monitoring can help IT teams figure out if the Crash Override malware is sending messages to switch breakers or looking for the location of substations. Crash Override works by using the same technical protocols that grid systems use to communicate with each other. In the attack in Ukraine, the malware instructed devices to de-energize and re-energize substation lines.
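One way to implement the network monitoring described above, as an added example that is not the article's own or from any firm it cites: it runs three defender-side checks over constructed, normalized traffic records (a breaker command from a host outside the allowlist, a sweep that reads many device addresses, and the same breaker being commanded open and closed repeatedly). The record format, host addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed allowlist: the only host expected to issue breaker commands.
ALLOWED_CONTROL_HOSTS = {"10.0.1.5"}

# Constructed sample records (not real captures): time,src,dst,op,target.
# 10.0.1.5 is the operator workstation; 10.0.1.77 behaves like the malware:
# it sweeps device addresses, then cycles one breaker open and closed.
SAMPLE_LOG = """\
100,10.0.1.5,10.0.2.10,READ,rtu_A:status
105,10.0.1.5,10.0.2.10,CTRL,breaker_1:OPEN
200,10.0.1.77,10.0.2.10,READ,rtu_A:status
201,10.0.1.77,10.0.2.11,READ,rtu_B:status
202,10.0.1.77,10.0.2.12,READ,rtu_C:status
203,10.0.1.77,10.0.2.13,READ,rtu_D:status
300,10.0.1.77,10.0.2.10,CTRL,breaker_1:OPEN
301,10.0.1.77,10.0.2.10,CTRL,breaker_1:CLOSE
302,10.0.1.77,10.0.2.10,CTRL,breaker_1:OPEN
303,10.0.1.77,10.0.2.10,CTRL,breaker_1:CLOSE
"""

def parse(log_text):
    # Each non-empty line becomes a (ts, src, dst, op, target) tuple.
    records = []
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, op, target = line.split(",")
            records.append((int(ts), src, dst, op, target))
    return records

def detect(records, window=60, enum_threshold=4, toggle_threshold=3):
    """Return sorted (rule, src) alerts for the behaviours described above."""
    alerts = set()
    by_src_op = defaultdict(list)
    for ts, src, _dst, op, target in records:
        # Rule 1: a breaker command from a host that should never send one.
        if op == "CTRL" and src not in ALLOWED_CONTROL_HOSTS:
            alerts.add(("unauthorized_control", src))
        by_src_op[(src, op)].append((ts, target))
    for (src, op), events in by_src_op.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            in_win = [tgt for t, tgt in events[i:] if t - t0 <= window]
            # Rule 2: discovery sweep, many distinct devices read in one window.
            if op == "READ" and len(set(in_win)) >= enum_threshold:
                alerts.add(("substation_enumeration", src))
            # Rule 3: the same breaker commanded repeatedly (open/close cycling).
            names = [tgt.split(":")[0] for tgt in in_win]
            if op == "CTRL" and max(names.count(n) for n in set(names)) >= toggle_threshold:
                alerts.add(("breaker_toggling", src))
    return sorted(alerts)
```

Real deployments would read these records from a protocol-aware monitor rather than a text blob, but the three rules map directly onto the behaviours the article attributes to the malware.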
Pieces of the Crash Override malware that weren’t turned on in the December 2016 attack have the potential to cause power outages that can last for a week, researchers believe. The malware can automate power outages, and has components that can be switched out so it can be adapted to utilities like water and gas. However, these capabilities haven’t yet been demonstrated. Crash Override can also erase the software that controls circuit breakers, which means the grid operator will have to revert to manual operations.
As geopolitical relationships become more complex, companies in the energy sector should find ways to protect their networks from malware. Below are a few tips for utility companies to use to avoid a power outage caused by a cyber-attack:
For the energy sector, cyber threat detection is the key to keeping citizens safe from power outages caused by malware. By using cybersecurity software to monitor for threats and limit user access, utility companies can help prevent a cyber-attack that can cause widespread damage.