Various strains of malware have been impacting critical infrastructure in the U.S. and beyond, especially that of utility providers. Perhaps the most high-profile example occurred in late 2015, when roughly 100,000 Ukrainians were left in the dark following an apparent breach of several of the nation’s top energy companies. Researchers investigating the incident have come up with multiple theories for exactly how the hackers orchestrated the attack. What we do know is that they remotely accessed breakers of several power plants. The Department of Homeland Security has also identified KillDisk (which wipes selected targets on disk drives) as playing a role in corrupting the master boot record, thereby “rendering systems inoperable,” according to Ars Technica.
We also know that the cyberattack on Ukraine’s power grid is arguably the most terrifying hack to date. The ability to knock entire regions of a nation off the grid introduces horrific potential for other types of crime, making it a matter of national security.
The worst part of it is that utilities continue to be impacted by cyberthreats.
The Dangers Compound
In late April, Lansing Board of Water & Light (BWL), a Michigan-based utility organization, had several systems knocked offline. These included the accounting department, the customer support line for outages, and email services for up to 250 employees. The culprit was ransomware – a specific strain was never named. According to the Lansing State Journal, the utility did not pay the ransom, but faced about $2 million in remediation expenses.
Ransomware and KillDisk are hardly the only threats. The BlackEnergy family of malware is notoriously dangerous. BlackEnergy2, which was initially suspected in the Ukraine breach, is a modular backdoor trojan that allows hackers to add plug-ins with additional capabilities. BlackEnergy3, which some researchers also believe played a role in knocking Ukraine’s grid offline, uses raw sockets, enabling it to create its own network connections, which means it can mimic legitimate network addresses. This makes it difficult to detect and a prime tool for network surveillance. BlackEnergy3 is believed to spread through macros embedded in malicious Microsoft Office documents.
Even a seemingly innocuous MS Word document can host malware capable of knocking out the power grid.
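Because the delivery path described above is a macro embedded in an Office document, one practical control for a utility is to screen inbound attachments for an embedded VBA project before they reach a user's desktop. The script below is an added example written for this page, not code from the original post or from Faronics. It uses only the Python standard library and constructed sample files: for OOXML containers (.docm, .xlsm, .docx) it looks for a vbaProject.bin part or a vbaProject content-type declaration; for legacy OLE2 files (.doc, .xls) it applies a byte-level heuristic, scanning for the UTF-16LE stream name `_VBA_PROJECT`, rather than parsing the full Compound File structure.

```python
"""Flag Microsoft Office documents that carry a VBA macro project.

Added example (not from the original post). Standard library only.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls (OLE2 / CFB) files
ZIP_MAGIC = b"PK\x03\x04"                         # header of OOXML (.docx/.docm/.xlsm) files

# OLE2 directory entries store stream names as UTF-16LE; every VBA project
# contains a stream whose name includes "_VBA_PROJECT" (Word and Excel alike).
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def inspect_document(data: bytes) -> dict:
    """Return container type, whether macros were found, and the evidence."""
    result = {"container": "unknown", "has_macros": False, "evidence": []}

    if data.startswith(ZIP_MAGIC):
        result["container"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    # word/, xl/ and ppt/ all keep the VBA project in vbaProject.bin
                    if name.lower().endswith("vbaproject.bin"):
                        result["has_macros"] = True
                        result["evidence"].append(name)
                try:
                    content_types = zf.read("[Content_Types].xml")
                except KeyError:
                    content_types = b""
                if b"vnd.ms-office.vbaProject" in content_types:
                    result["has_macros"] = True
                    result["evidence"].append("[Content_Types].xml declares a vbaProject part")
        except zipfile.BadZipFile:
            # A corrupt archive is itself worth a second look, but is not proof of macros.
            result["evidence"].append("malformed zip container")

    elif data.startswith(OLE_MAGIC):
        result["container"] = "ole2"
        # Heuristic: the UTF-16LE directory name is present only when a VBA project exists.
        if OLE_VBA_MARKER in data:
            result["has_macros"] = True
            result["evidence"].append("OLE2 directory names a _VBA_PROJECT stream")

    return result


def triage(attachments: dict) -> list:
    """Return the names of attachments that should be quarantined for review."""
    return [name for name, blob in attachments.items() if inspect_document(blob)["has_macros"]]


# --- constructed sample inputs (not real malware, just minimal containers) ---

def build_sample_ooxml(with_macro: bool) -> bytes:
    """Build a tiny OOXML package, optionally with a placeholder vbaProject.bin part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        ct += ('<Override PartName="/word/document.xml" ContentType="application/'
               'vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>')
        if with_macro:
            ct += ('<Override PartName="/word/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/>')
        ct += "</Types>"
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder, not a real VBA project")
    return buf.getvalue()


def build_sample_ole2(with_macro: bool) -> bytes:
    """Build a stand-in OLE2 blob: a CFB header plus one fake UTF-16LE directory name."""
    body = OLE_MAGIC + b"\x00" * 504
    stream_name = "_VBA_PROJECT" if with_macro else "WordDocument"
    return body + stream_name.encode("utf-16-le") + b"\x00" * 32


if __name__ == "__main__":
    mailbox = {
        "invoice.docm": build_sample_ooxml(True),
        "minutes.docx": build_sample_ooxml(False),
        "report.doc": build_sample_ole2(True),
        "notes.doc": build_sample_ole2(False),
    }
    for name, blob in mailbox.items():
        print(name, inspect_document(blob))
    print("quarantine:", triage(mailbox))
```

In a mail gateway or file-share scanner this check would run before delivery, and flagged files would be held for analyst review rather than silently dropped, since some business documents legitimately contain macros. The OLE2 heuristic can produce false positives if the marker bytes occur elsewhere in the file, which is acceptable for a quarantine-and-review workflow; a full CFB parser would be needed for a definitive verdict.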
Looking Ahead
Oil companies, water companies, mining organizations, electrical companies, natural gas utilities and more are all at very serious risk of being targeted by hackers. As utility infrastructure becomes smarter thanks to wireless capabilities, the attack vectors will only continue to expand.
Utility companies must protect endpoints and reverse any damage quickly in the event of a malware attack. Using a reboot-to-restore solution ensures that malware and similar security threats are eliminated immediately and that critical infrastructure is not affected.
To protect your critical infrastructure and to learn more about our reboot-to-restore solution, contact Faronics today.