Slashdot Mirror


Researchers Reveal Malware Designed To 'Power Down' Electric Grid (securityledger.com)

chicksdaddy writes: A sample of malicious software discovered at the site of a December 2016 cyber attack on Ukraine's electrical grid is a previously unknown program that could be capable of causing physical damage to the electrical grid, according to reports by two security firms. The Security Ledger reports: "Experts at the firm ESET and Dragos Security said on Monday that the malicious software, dubbed CrashOverride (Dragos) or Industroyer (ESET), affected a 'single transmission level substation' in the Ukraine attack on December 17th, 2016 in what appears to have been a test run. Still, experts said that features in the malware show that adversaries are automating and standardizing what were previously manual attacks against critical infrastructure, while also adding features that could be used to physically disable or damage critical systems -- the first evidence of such activity since the identification of the Stuxnet malware in 2010. The Crash Override malware 'took an approach to understand and codify the knowledge of the industrial process to disrupt operations as STUXNET (sp) did,' wrote Dragos Security in a report. The malware improves on features seen in other malicious software that is known to target industrial control systems. Specifically, the malware makes use of and manipulates industrial control system-specific communications protocols. That's similar to features in ICS malware known as Havex that targeted grid operators in Europe and the United States in 2014. The Crash Override malware also targeted the libraries and configuration files of so-called 'Human Machine Interfaces' (or HMIs) to understand the environment they have infected. It can use HMIs, which provide a graphical interface for managing industrial control system equipment, to connect and spread to other Internet-connected equipment and systems, Dragos said."

3 of 42 comments

  1. What I find surprising by SCVonSteroids · Score: 3, Interesting

    Maybe I'm being too critical of everything these days, but I find it surprising that these sorts of things are even news. Shouldn't it be expected, even before its inception, that people are going to try and fuck with important things if they can? ESPECIALLY when they can do it anonymously?

    I think I need to escape to the woods, and fucking soon, for a long time.

    --
    I tend to rant.
  2. Re:The question at hand: by SCVonSteroids · Score: 3, Interesting

    My musings on it:

    At the time, the engineers were cocky and thought nobody would be able to fuck with it. Maybe at the time they were correct. Current engineers see the problem, but the solution costs too much, so everyone just wishes it would go away and doesn't talk about it too much. I've never had much fun trying to explain something super technical (but super important) to someone who was stressed out and knew fuck all of what I was talking about (but occupied a role of higher power; yeah, I'm talking about managers, OK?).

    Fortunately, we've all been able to sit back and enjoy corporations falling prey to this kind of thought process, but someday, they'll hit just the right target where it'll cause real damage. I'm not talking the kind of damage where some exec. can't refurbish his yacht, and formulates some kind of propaganda with his friends to make it so he can. I'm talking the kind of damage where civilization grinds to a halt, and mass panic ensues.

    --
    I tend to rant.
  3. Re:The question at hand: by dbIII · Score: 3, Interesting

    At the time, the engineers were cocky and thought nobody would be able to fuck with it. Maybe at the time they were correct.

    You are incorrect.
    Back in the day we wanted either a total air gap (which we used to have) or dedicated secure networks like the banks were using. Management just about everywhere didn't like that and went shopping for consultants that gave them a cheap answer, and they didn't care if the consultants knew what they were talking about or not. Various trade magazines at the time had a lot about the fuss and potential consequences, but were ignored.
    Don't blame the engineers for a policy decision that they argued against.
    As for "Current engineers see the problem" - have you SEEN the IoT security clusterfucks in progress? Over the weekend there was an article about one here: poor defaults on the Raspberry Pi causing problems. There is definitely no reason to be smug and certainly no reason to feel superior.