Malware Mayhem: Utility Providers Are Being Bombarded With Cyberthreats

Various strains of malware have been hitting critical infrastructure in the U.S. and beyond, and utility providers in particular. The most high-profile example came in December 2015, when roughly 225,000 Ukrainian customers lost power after the networks of three regional electricity distribution companies were breached. Investigators have offered several theories about how the intrusion was staged; what is established is that the attackers used hijacked remote access to the distribution companies' SCADA systems to open breakers at dozens of substations. The Department of Homeland Security also identified KillDisk (which wipes selected files and overwrites disk structures) as having corrupted master boot records, thereby “rendering systems inoperable,” according to Ars Technica.

The Ukraine grid attack remains arguably the most alarming cyberattack to date. The ability to knock entire regions of a nation off the grid gives an adversary cover and leverage for other kinds of crime, which makes it a matter of national security.

The worst part is that utilities continue to be hit by cyberthreats.

The Dangers Compound

In late April 2016, Lansing Board of Water & Light (BWL), a municipal utility in Michigan, had several systems knocked offline, including the accounting department, the customer phone line for reporting outages, and email for about 250 employees. The culprit was ransomware; the specific strain was never named. According to the Lansing State Journal, the utility did not pay the ransom but faced roughly $2 million in remediation expenses.

Ransomware and KillDisk are hardly the only threats. The BlackEnergy family of malware is notoriously dangerous. BlackEnergy2, an early suspect in the Ukraine breach, is a modular backdoor trojan: its operators extend it with plug-ins that add capability. BlackEnergy3, which several researchers also tie to the Ukraine outage, uses raw sockets to build its own network connections, so it can craft packets with arbitrary headers, including forged source addresses, instead of going through the normal TCP/IP stack. That makes its traffic harder to pick out and makes it well suited to network reconnaissance. BlackEnergy3 is believed to spread through macros embedded in malicious Microsoft Office documents sent by spear-phishing.

Something as seemingly innocuous as a Word document can harbor malware capable of knocking out the power grid.
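The practical counterpart to that warning is to check attachments for macros before they reach a user. The script below is an added example, not code from the original post or from Faronics, written in Python with only the standard library. It keys on file content rather than extension: OOXML documents (.docx, .docm, .xlsm and friends) are zip archives, and a macro-enabled one carries a vbaProject.bin part and declares it in [Content_Types].xml, while legacy binary .doc/.xls files are OLE2 compound files that can also hold macros and are flagged as suspect. The sample documents are constructed in the code and the function names are my own.

```python
"""Flag Microsoft Office documents that carry VBA macros (added example, stdlib only)."""
import io
import zipfile

# Legacy binary Office formats (.doc/.xls/.ppt) are OLE2 compound files with this magic.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# In OOXML packages the macro project is declared with this content type.
MACRO_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_document(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole2-legacy' or 'unknown' for a file's bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy format: macros live in the OLE stream tree. Without an OLE parser we
        # can only say the file *can* carry macros, so a mail gateway should treat it as suspect.
        return "ole2-legacy"
    if data[:2] != b"PK":
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            # word/vbaProject.bin, xl/vbaProject.bin, ppt/vbaProject.bin ...
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "ooxml-macro"
            # Belt and braces: even a renamed macro part must be declared by content type.
            if "[Content_Types].xml" in names and MACRO_CONTENT_TYPE in zf.read("[Content_Types].xml"):
                return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "unknown"


def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for a .docx/.docm; real documents carry many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        types = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            types += ('<Override PartName="/word/vbaProject.bin" '
                      'ContentType="application/vnd.ms-office.vbaProject"/>')
        types += "</Types>"
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # In a real file this is an OLE2 blob holding the compiled VBA; a stub suffices here.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "clean .docx": build_sample(False),
        "macro .docm": build_sample(True),
        "legacy .doc": OLE2_MAGIC + b"\x00" * 504,  # constructed header only
        "not office": b"hello, not a document",
    }
    for label, blob in samples.items():
        print(f"{label:12s} -> {classify_document(blob)}")
```

Because the check reads the container rather than trusting the filename, renaming a macro-enabled document does not defeat it. In an actual gateway the "ooxml-macro" and "ole2-legacy" results would route the attachment to quarantine or to a full OLE/VBA parser rather than straight to a mailbox.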

Looking Ahead

Oil companies, water companies, mining organizations, electrical companies, natural gas utilities and more are all at serious risk of being targeted. As utility infrastructure becomes smarter through wireless connectivity, the attack surface will only continue to expand.

Utility companies must protect endpoints and reverse any damage quickly in the event of a malware attack. A reboot to restore solution returns an infected workstation to a known-good baseline on restart, removing file-based malware and ransomware-encrypted changes from that machine. It is one layer, not the whole defense: it does not recover data the attacker has already exfiltrated, and the Ukraine intrusion began with a macro-laden phishing document but ended with attackers using stolen VPN credentials to reach control systems, so disabling macros, segmenting the control network, and requiring multi-factor authentication on remote access matter just as much.

To protect your critical infrastructure and to know more about our reboot to restore solution, contact Faronics today.

About The Author

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan and an expert on Reboot Restore Technology, when he is not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.
