Cyber firms warn ‘Industroyer’ malware could knock out power grids

malware industroyer critical infrastucture 13920697  high voltage post tower sky background
Gyn9037/123RF
The December 2016 power grid hack in Ukraine that plunged part of that nation’s capital, Kiev, into darkness for several hours was an alarming display of the capabilities of skillful hackers determined to bring chaos to communities by knocking out critical infrastructure.

On Monday, two cyber security companies — Slovakia-based anti-virus software outfit Eset, and American firm Dragos that deals with critical-infrastructure security — claimed to have identified the malware that caused the disturbing power outage.

Known by the names Industroyer and Crashoverride, they warned that it could be repurposed with little effort by other groups intent on causing further havoc around the world targeting not only power supply operations, but also water and gas systems, and transportation networks.

Industroyer is believed to be considerably more advanced than the malware used in another attack on Ukraine’s power grid a year earlier, in December 2015.

Eset said it’s been studying the malware for a number of months and recently shared its data with Dragos, leading it to conclude that it’s same as that used in the Ukraine incident in 2016.

Robert Lee of Dragos suggested this week that the Kiev transmission substation targeted in last year’s incident “may have been more of a proof of concept attack than a full demonstration of the capability in Crashoverride,” though at this stage he said he couldn’t be certain.

Either way, Eset senior malware researcher Anton Cherepanov said the Kiev attack “should serve as a wake-up call for all those responsible for the security of critical systems around the world.”

The researcher described Industroyer as particularly concerning because “it’s capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).”

The work of Eset and Dragos highlights the need for governments around the world to bolster their defenses against highly damaging cyberattacks capable of causing widespread disruption to critical infrastructure. Rather than for monetary gain, such acts of cyberwarfare are often thought to be backed by nation-states as they have the potential to cause chaos within society and reduce a population’s confidence in its own government. It’s not certain who’s behind the Ukraine cyberattacks, though coming during a period of conflict with neighboring Russia has prompted some to suspect it could be the work of hackers based there.

News of the security firms’ discovery led the U.S. Department of Homeland Security to contact all critical infrastructure operators to ensure they are following recommended security procedures, Reuters reported on Monday.

Cherepanov added that hackers “could adapt the malware to any environment, which makes it extremely dangerous.”

Emerging Tech

With cameras that know dogs from Dodges, Honda is making intersections safer

Honda and the city of Marysville, Ohio are working on creating a smart intersection. The goal would not only help better direct the flow of traffic, it could also help save the lives of pedestrians and cyclists.
Computing

Personal info of 30,000-plus Pentagon employees compromised in contractor breach

The Pentagon is facing another security problem after it was discovered that a contractor was responsible for a leak of data that affected more than 30,000 Pentagon employees, both civilian and military.
Emerging Tech

Will we ever fly supersonic again? Unraveling the concorde’s complex legacy

In a new book, Last Days of the Concorde, journalist and author Samme Chittum delves into the mindset that inspired engineers to design this marvel, the series of events that led to its fatal crash, and the possibility that commercial SSTs…
Movies & TV

The best movies on Netflix in October, from 'The Witch’ to ‘Black Panther’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, subdued humor, or anything in between.
Computing

Did your Windows 10 audio stop working after the update? Microsoft has a fix

Microsoft has released a small patch for its October 2018 Update build of Windows 10 following some users facing audio issues that resulted in no sound output at all. After this fix, that problem should disappear for good.
Photography

Adobe’s Premiere Rush is a video-editing app designed for social media projects

At Adobe MAX 2018, Adobe unveiled updates across the board for all of its Creative Cloud apps, from the release of Premiere Rush CC, a social-focused video editor, to Project Gemini, a digital drawing and painting tool.
Computing

World’s first 49-inch, dual QHD curved monitor tops Dell’s new line of displays

Dell's world's first 49-inch dual QHD curved monitor and other new displays come packed with innovative design features and technologies aimed at meeting demands of workflows everywhere.
Computing

Updated Intel processor benchmarks still beat AMD Ryzen competitor, but by less

After some controversy, updated Principled Technologies testing shows the Intel i9-9900K with a reduced lead over the AMD Ryzen 2700X in benchmarks, and with the AMD Ryzen 2700 X seeing better performance. 
Home Theater

HDMI 2.0b is a whole lot more than just a connection to your TV

HDMI 2.0b is the backbone for many of the latest updates in 4K UHD technology. And while a new cable standard can often involve a bunch of changes for consumers, that is not the case this time around.
Computing

Memory is still expensive, but Intel’s 9th-gen CPU lets you have 128GB of it

Intel's 9-series CPUs have a few exciting things going for them but for some, new support for double height memory modules with a maximum system capacity of 128GB could be one of them.
Computing

Your ‘Do Not Track’ tool might be helping websites track you, study says

New research from the "Do Not Track" features embedded in popular browsers are being ignored, opening up the possibility of consumers having their information targeted by specific ads based on their web histories and cookies. 
Computing

Which is best: The Lenovo ThinkPad X1 Extreme or the 15-inch MacBook Pro?

To try and help nail down the best 15-inch laptops in the world, we compared the Lenovo ThinkPad X1 Extreme vs. MacBook Pro 15 in a head to head that looked at their power, design, and portability.
Computing

Microsoft co-founder, Seahawks owner Paul Allen dies at 65

Microsoft co-founder Paul Allen died on October 15 of complications from non-Hodgkin's lymphoma. The cancer survivor was best known for his entrepreneurial spirit and his frequent contributions to charities.
Product Review

Don't bother with any other 2-in-1. The Surface Pro 6 is still the best

The Surface Pro been updated to its sixth generation, now coming dressed in black and packing a quad-core processor. Outside of that, you’ll have to dig a little deeper to see where Microsoft has made some truly noteworthy improvements.