Ukraine - More Cyber Attacks

Emblem of the Ministry of Fuel and Energy of Ukraine

Consultant working for government claims energy companies ignored their own security rules in power grid hack, as more attacks are predicted to come.

The cyber attacks that took down sections of Ukraine’s power grid last December, leaving hundreds of thousands of people without power, were able to happen because of poor security practices within the country’s energy companies, according to a consultant who works for government investigators.

The consultant also warned that further attacks could take place, and that a fourth Ukrainian energy company was attacked with the malware last October.

Spoof

Oleh Sych said that companies ignored their own security rules, and hackers were able to spoof energy ministry emails. “This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

An attack on December 23 left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours. It was the first public case of a cyber attack affecting a country’s energy supply.

Ukraine’s security service SBU said Russia was behind the attack, and the energy ministry in Kiev said last week it has set up a commission to investigate the incident. Russia has yet to comment on the matter, but relations between the two countries have declined since Russia annexed

Crimea in 2014

SBU said other power companies had been targeted at the same time and that security services had prevented a much longer blackout in the region. Sych, who works for a consultancy that is advising the SBU on the attacks, said that power companies had not followed their own security procedures when they connected important computers to the Internet. Instead, Sych said that these critical machines should have been left within an internal network.

Eset, a security firm based in Slovakia, said earlier this month that it believes BlackEnergy, a sophisticated trojan usually delivered via malicious email attachments, was used in both the attack on Ukraine’s power grid and in an earlier incident that targeted Ukrainian news media during local elections in November.

Sych told Reuters: “A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part.”

But Sych said that there is not yet any conclusive evidence that points towards Russia being behind the attacks. He told Reuters that one email was sent from the United States, whilst another originated from German university.

Sych further believes that an insider within the energy industry may be involved.

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

Sych said that to know what kind of software was installed, and to know what type of malware to test on the software, an insider must have carried out “preliminary investigations”.

Hackers then sent emails to workers at the power companies that contained infected Word or Excel files, disguised as correspondence from the ministry of energy in Ukraine.

Tech Week Europe:

« What Should You Do If Your Business Is Hacked? (£)
Computer Blind Spots (£) »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Maureen Data Systems

Maureen Data Systems

Maureen Data Systems (MDS) services cover Data Centres, Cloud Computing, Cyber Security, Mobility, Virtualisation, Managed Services.

HDI

HDI

HDI is the worldwide professional association and certification body for the technical service and support industry.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security is a cyber security technology consulting, incident response and applied research company.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

Physec

Physec

Physec offers innovative security products and solutions for the Internet of Things ecosystem.

ReSec Technologies

ReSec Technologies

ReSec provides total protection against all types of known and unknown malware threats including viruses, Trojans, ransomware and phishing, regardless of their delivery method.

CashShield

CashShield

CashShield is an end-to-end fraud management solution that blocks fraudulent activities such as account takeovers, fake accounts creation, fraudulent payments, loyalty fraud and more.

Com Laude

Com Laude

Com Laude is a domain name management company that provides strategic consulting to help companies strengthen digital brand, safeguard customers & protect brand IP.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

SoftwareONE

SoftwareONE

SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

CyFlare

CyFlare

CyFlare’s security platform integrates your tools with ours – delivering true positives, automated remediation, and interactive analytics built for security management teams.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.