Hard Lessons From The Cyberattack On Ukraine

The ongoing investigation into a cyberattack that experts have linked to a December blackout in Ukraine reveals how vulnerable other power suppliers are to malware attacks. A cyberattack linked to a December blackout in Ukraine signals new dangers for critical infrastructure operators such as power suppliers and other utilities, experts said recently.
    
The fact is that many supervisory control and data acquisition (SCADA) systems – the type compromised in the Ukrainian attacks and used at countless other power facilities – aren't designed to be secure against digital attacks, said security researcher Peiter Zatko, also known by his hacker nom de guerre Mudge.

"They were designed to be in isolated environments that don't talk with the outside world," said Mr. Zatko. "You didn't want these to be connected to the Internet."

Zatko spoke at an event recently cosponsored by Passcode and Harvard University's Belfer Center for Science and International Affairs to further explore the Ukraine cyberattack that many experts believe led to power outages for some 80,000 customers in the western region of Ivano-Frankivsk for nearly six hours.

The incident has sent shockwaves throughout the critical infrastructure sector in the US and beyond, and follows recent reports of hackers linked to Iran breaching networks at a dam outside Rye, N.Y., and at the major power supplier Calpine Corp. Renewed concerns about digital threats to the power grid have also led the Pentagon's Defense Advanced Research Projects Agency (DARPA) to devote $77 million to helping utilities defend against and recover from future cyberattacks.

A former security researcher at DARPA, Zatko said that many critical infrastructure companies have simply ignored security patches for industrial networks and that often companies making software for these facilities aren't security conscious enough. "The developers writing the code aren't thinking about security."

It also appears that Ukrainian facilities involved in the attack weren't following industry guidelines that could prevent hackers from gaining access to essential systems. Reuters recently reported that power utilities in Ukraine ignored their own rules regarding "air gaps" – separating critical control systems from the Internet – before December's attack.

Analysts still aren't certain of the exact timeline of the Ukraine attack. But according to research from SANS Institute, a nonprofit that specializes in cybersecurity training, attackers breached SCADA systems at the facilities, deployed malware to infect and damage servers, and attacked call centers at the utilities with a distributed denial of service attack.

Oleh Sych, a consultant to Ukrainian government officials investigating the attack, told Reuters that hackers probably used phishing e-mails designed to trick power operators into clicking on malicious documents, thus allowing them access to the network.

The cybersecurity intelligence firm iSightPartners said the group behind the attack could be connected to the Russia-linked Sandworm Team, which conducts cyberespionage operations. While many experts agree that the cyberattack led to the power outage, there's still no consensus about how the hackers actually shut down parts of the power grid.

"We've never had to deal with a cyberattack against the grid that took the power down," said Robert M. Lee, chief executive officer of Dragos Security and an instructor for the SANS Institute, who participated in the Monday event. "If the US power grid was ever impacted in more than one region, we couldn't recover that easily."

In a survey of 500 security leaders at critical infrastructure firms conducted by TrendMicro and the Organization of American States in 2015, 53 percent of responses indicated that attacks had increased over the past year. But despite the uptick in reports of breaches into utilities, experts said recently that cyber threat intelligence in the critical infrastructure sector has not improved much – as has been the case with companies in other industries.

"The thing that bothers me is that we’re not looking into those environments," said Lee. "It's not trivial to take down the power grid."

Source: CSMonitor