Ukraine - More Cyber Attacks

Emblem of the Ministry of Fuel and Energy of Ukraine

Consultant working for government claims energy companies ignored their own security rules in power grid hack, as more attacks are predicted to come.

The cyber attacks that took down sections of Ukraine’s power grid last December, leaving hundreds of thousands of people without power, were able to happen because of poor security practices within the country’s energy companies, according to a consultant who works for government investigators.

The consultant also warned that further attacks could take place, and that a fourth Ukrainian energy company was attacked with the malware last October.

Spoof

Oleh Sych said that companies ignored their own security rules, and hackers were able to spoof energy ministry emails. “This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

An attack on December 23 left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours. It was the first public case of a cyber attack affecting a country’s energy supply.

Ukraine’s security service SBU said Russia was behind the attack, and the energy ministry in Kiev said last week it has set up a commission to investigate the incident. Russia has yet to comment on the matter, but relations between the two countries have declined since Russia annexed Crimea in 2014.

SBU said other power companies had been targeted at the same time and that security services had prevented a much longer blackout in the region. Sych, who works for a consultancy that is advising the SBU on the attacks, said that power companies had not followed their own security procedures when they connected important computers to the Internet. Instead, Sych said that these critical machines should have been left within an internal network.

Eset, a security firm based in Slovakia, said earlier this month that it believes BlackEnergy, a sophisticated trojan usually delivered via malicious email attachments, was used in both the attack on Ukraine’s power grid and in an earlier incident that targeted Ukrainian news media during local elections in November.

Sych told Reuters: “A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part.”

But Sych said that there is not yet any conclusive evidence that points towards Russia being behind the attacks. He told Reuters that one email was sent from the United States, whilst another originated from a German university.

Sych further believes that an insider within the energy industry may be involved.

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

Sych said that to know what kind of software was installed, and to know what type of malware to test on the software, an insider must have carried out “preliminary investigations”.

Hackers then sent emails to workers at the power companies that contained infected Word or Excel files, disguised as correspondence from the ministry of energy in Ukraine.

Tech Week Europe:
