Hard Lessons From The Cyberattack On Ukraine

A cyberattack that experts have linked to a December blackout in Ukraine signals new dangers for critical infrastructure operators such as power suppliers and other utilities, and the ongoing investigation into it reveals how vulnerable other power suppliers are to malware attacks, experts said recently.
    
The fact is that many supervisory control and data acquisition (SCADA) systems – the type compromised in the Ukrainian attack and used at countless other power facilities – aren't designed to be secure against digital attacks, said security researcher Peiter Zatko, also known by his hacker nom de guerre Mudge.

"They were designed to be in isolated environments that don’t talk with the outside world," said Mr. Zatko. "You didn’t want these to be connected to the Internet.”

Zatko spoke at an event recently cosponsored by Passcode and Harvard University's Belfer Center for Science and International Affairs to further explore the Ukraine cyberattack that many experts believe led to power outages for some 80,000 customers in the western region of Ivano-Frankivsk for nearly six hours.

The incident has sent shockwaves throughout the critical infrastructure sector in the US and beyond, and follows recent reports of hackers linked to Iran breaching networks at a dam outside Rye, N.Y., and at the major power supplier Calpine Corp. Renewed concerns about digital threats to the power grid have also led the Pentagon's Defense Advanced Research Projects Agency (DARPA) to devote $77 million to helping utilities defend against and recover from future cyberattacks.

A former security researcher at DARPA, Zatko said that many critical infrastructure companies have simply ignored security patches for industrial networks and that often companies making software for these facilities aren't security conscious enough. "The developers writing the code aren't thinking about security."

It also appears that Ukrainian facilities involved in the attack weren't following industry guidelines that could prevent hackers from gaining access to essential systems. Reuters recently reported that power utilities in Ukraine ignored their own rules regarding "air gaps" – separating critical control systems from the Internet – before December's attack.
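As an added illustration, not part of the original article, the script below shows one routine check a utility could run to catch the kind of air-gap violation the Reuters report describes: it reads boundary firewall records and flags any host on the control-system segment that reached, or tried to reach, an address outside the organisation. The control-network range, the log record format and the log lines themselves are all constructed assumptions, not details from the Ukrainian incident.

```python
"""Audit firewall logs for control-network hosts talking to the Internet.

Added example, not from the article. The control-system CIDR, the
syslog-style record format and the sample log lines are all assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Hypothetical control-system (SCADA) segment.
CONTROL_NET = ipaddress.ip_network("10.50.0.0/16")

# Address space treated as "inside the organisation": RFC 1918 plus
# loopback and link-local. Anything else is treated as the Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Assumed record format:
#   <timestamp> fw: src=<ip> dst=<ip> proto=<tcp|udp> dport=<port> action=<allow|deny>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw: src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) action=(?P<action>allow|deny)$"
)

# Constructed sample records (not real traffic). 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges standing in for Internet hosts.
SAMPLE_LOG = """\
2015-12-23T15:01:02Z fw: src=10.50.1.20 dst=10.50.2.10 proto=tcp dport=502 action=allow
2015-12-23T15:01:05Z fw: src=10.50.1.21 dst=198.51.100.7 proto=tcp dport=443 action=allow
2015-12-23T15:01:09Z fw: src=10.50.1.21 dst=203.0.113.4 proto=udp dport=53 action=deny
2015-12-23T15:01:11Z fw: src=192.168.9.5 dst=198.51.100.9 proto=tcp dport=80 action=allow
2015-12-23T15:01:15Z fw: src=10.50.3.7 dst=10.0.0.9 proto=tcp dport=445 action=allow
this line is malformed and must be skipped
"""


def is_internal(addr):
    """True if the address falls in any of the organisation's own ranges."""
    return any(addr in net for net in INTERNAL_NETS)


def classify(src, dst, action, control_net=CONTROL_NET):
    """Return a category for one flow, or None if the source is not our concern."""
    if src not in control_net:
        return None                      # not a control-network source
    if dst in control_net:
        return "intra_control"           # SCADA host to SCADA host: expected
    if is_internal(dst):
        return "cross_segment"           # control net to corporate/IT space
    # Destination is outside every internal range: the air gap is being crossed.
    return "egress_allowed" if action == "allow" else "egress_denied"


def audit_air_gap(log_text, control_net=CONTROL_NET):
    """Group flows from the control segment by category.

    Returns {category: [(src, dst, dport), ...]}. Lines that do not match
    the expected format are skipped rather than aborting the audit.
    """
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        cat = classify(src, dst, m["action"], control_net)
        if cat is not None:
            findings[cat].append((str(src), str(dst), int(m["dport"])))
    return dict(findings)


def offending_hosts(findings):
    """Control-network hosts that reached the Internet through an allowed flow."""
    return sorted({src for src, _, _ in findings.get("egress_allowed", [])})


if __name__ == "__main__":
    result = audit_air_gap(SAMPLE_LOG)
    for cat, flows in sorted(result.items()):
        print(cat)
        for src, dst, dport in flows:
            print(f"  {src} -> {dst}:{dport}")
    print("air-gap violations from:", offending_hosts(result))
```

Two of the categories deserve attention even though only one is a confirmed violation. An allowed flow from the control segment to an outside address means the boundary policy is not what the paper air-gap rule says it is. A denied attempt from a control host is also worth a look: a SCADA workstation should have neither a route to the Internet nor any reason to try, so the attempt itself may be the first sign of something like the phishing-delivered malware discussed later in the article.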

Analysts still aren't certain of the exact timeline of the Ukraine attack. But according to research from SANS Institute, a nonprofit that specializes in cybersecurity training, attackers breached SCADA systems at the facilities, deployed malware to infect and damage servers, and flooded the utilities' customer call centers with a telephone denial-of-service attack so that customers could not report the outages.

Oleh Sych, a consultant to Ukrainian government officials investigating the attack, told Reuters that hackers probably used phishing e-mails designed to trick power operators into clicking on malicious documents, thus allowing them access to the network.

The cybersecurity intelligence firm iSIGHT Partners said the group behind the attack could be connected to the Russia-linked Sandworm Team, which conducts cyberespionage operations. While many experts agree that the cyberattack led to the power outage, there's still no consensus about how the hackers actually shut down parts of the power grid.

"We've never had to deal with a cyberattack against the grid that took the power down," said Robert M. Lee, chief executive officer of Dragos Security and an instructor for the SANS Institute, who participated in the Monday event. “If the US power grid was ever impacted in more than one region, we couldn’t recover that easily.”

In a 2015 survey of 500 security leaders at critical infrastructure firms conducted by Trend Micro and the Organization of American States, 53 percent of respondents said attacks had increased over the past year. But despite the uptick in reports of breaches into utilities, experts said recently that cyber threat intelligence in the critical infrastructure sector has not improved much, as it has for companies in other industries.

"The thing that bothers me is that we’re not looking into those environments," said Lee. "It's not trivial to take down the power grid."

CSMonitor: 

 
