Two cyber security firms have uncovered malicious software that they believe caused a December 2016 Ukraine power outage, they said on Monday, warning the malware could be easily modified to harm critical infrastructure operations around the globe.
ESET, a Slovakian anti-virus software maker, and Dragos Inc, a U.S. critical-infrastructure security firm, released detailed analyses of the malware, known as Industroyer or Crash Override, and issued private alerts to governments and infrastructure operators to help them defend against the threat.
The U.S. Department of Homeland Security said it was investigating the malware, though it had seen no evidence to suggest it has infected U.S. critical infrastructure.
The two firms said they did not know who was behind the cyber attack. Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.
Still, the firms warned that there could be more attacks using the same approach, either by the group that built the malware or copycats who modify the malicious software.
"The malware is really easy to re-purpose and use against other targets. That is definitely alarming," ESET malware researcher Robert Lipovsky said in a telephone interview. "This could cause wide-scale damage to infrastructure systems that are vital."
The Department of Homeland Security corroborated that warning, saying it was working to better understand the threat posed by Crash Override.
"The tactics, techniques and procedures described as part of the Crash Override malware could be modified to target U.S. critical information networks and systems," the agency said in an alert posted on its website.
The alert posted some three dozen technical indicators that a system had been compromised by Crash Override and asked firms to contact the agency if they suspected their systems were compromised by the malware.
Dragos founder Robert M. Lee said the malware was capable of attacking power systems across Europe and could be leveraged against the United States "with small modifications."
It is able to cause outages of up to a few days in portions of a nation's grid, but is not potent enough to bring down a country's entire grid, Lee said by phone.
With modifications, the malware could attack other types of infrastructure including local transportation providers, water and gas providers, Lipovsky said.
Power firms are concerned there will be more attacks, Alan Brill, a leader of Kroll's cyber security practice, said in a telephone interview.
"You are dealing with very smart people who came up with something and deployed it," Brill said. "It represents a risk to power distribution organizations everywhere."
Industroyer is only the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene.
The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran's nuclear program.
A spokesman for Ukraine's state cyber police said it was not clear whether the malware was used in the December 2016 attack. Ukraine's state-run Computer Emergency Response Team did not immediately respond to requests for comment.
The Kremlin and Russia's Federal Security Service did not reply to requests for comment.
Crash Override can be detected if a utility monitors its network for abnormal traffic, including signs the malware is searching for the location of substations or sending messages to switch breakers, according to Lee, a former U.S. Air Force cyber warfare operations officer.
Malware has been used in other disruptive attacks on industrial targets, including the 2015 Ukraine power outage, but in those cases human intervention was required.
ESET said it had been analyzing the malware for several months and had held off on going public to preserve the integrity of investigations into the power system hack.
ESET last week provided samples to Dragos, which said it was able to confirm the malware was used in the Ukraine grid attack.
Reuters
Tue Jun 13 2017