Cyber firms warn ‘Industroyer’ malware could knock out power grids

The December 2016 power grid hack in Ukraine that plunged part of that nation’s capital, Kiev, into darkness for several hours was an alarming display of the capabilities of skillful hackers determined to bring chaos to communities by knocking out critical infrastructure.

On Monday, two cyber security companies — Slovakia-based anti-virus software outfit Eset, and American firm Dragos that deals with critical-infrastructure security — claimed to have identified the malware that caused the disturbing power outage.

The firms warned that the malware, known by the names Industroyer and Crashoverride, could be repurposed with little effort by other groups intent on causing further havoc around the world, targeting not only power supply operations but also water and gas systems and transportation networks.

Industroyer is believed to be considerably more advanced than the malware used in another attack on Ukraine’s power grid a year earlier, in December 2015.

Eset said it’s been studying the malware for a number of months and recently shared its data with Dragos, leading it to conclude that it’s the same as that used in the Ukraine incident in 2016.

Robert Lee of Dragos suggested this week that the Kiev transmission substation targeted in last year’s incident “may have been more of a proof of concept attack than a full demonstration of the capability in Crashoverride,” though at this stage he said he couldn’t be certain.

Either way, Eset senior malware researcher Anton Cherepanov said the Kiev attack “should serve as a wake-up call for all those responsible for the security of critical systems around the world.”

The researcher described Industroyer as particularly concerning because “it’s capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).”

The work of Eset and Dragos highlights the need for governments around the world to bolster their defenses against highly damaging cyberattacks capable of causing widespread disruption to critical infrastructure. Rather than being carried out for monetary gain, such acts of cyberwarfare are often thought to be backed by nation-states, as they have the potential to cause chaos within society and reduce a population’s confidence in its own government. It’s not certain who’s behind the Ukraine cyberattacks, though the fact that they came during a period of conflict with neighboring Russia has prompted some to suspect they could be the work of hackers based there.

News of the security firms’ discovery led the U.S. Department of Homeland Security to contact all critical infrastructure operators to ensure they are following recommended security procedures, Reuters reported on Monday.

Cherepanov added that hackers “could adapt the malware to any environment, which makes it extremely dangerous.”

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…