Ukraine - More Cyber Attacks

Emblem of the Ministry of Fuel and Energy of Ukraine

Consultant working for government claims energy companies ignored their own security rules in power grid hack, as more attacks are predicted to come.

The cyber attacks that took down sections of Ukraine’s power grid last December, leaving hundreds of thousands of people without power, were able to happen because of poor security practices within the country’s energy companies, according to a consultant who works for government investigators.

The consultant also warned that further attacks could take place, and that a fourth Ukrainian energy company was attacked with the malware last October.

Spoof

Oleh Sych said that companies ignored their own security rules, and hackers were able to spoof energy ministry emails. “This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

An attack on December 23 left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours. It was the first public case of a cyber attack affecting a country’s energy supply.

Ukraine’s security service SBU said Russia was behind the attack, and the energy ministry in Kiev said last week it has set up a commission to investigate the incident. Russia has yet to comment on the matter, but relations between the two countries have declined since Russia annexed Crimea in 2014.

SBU said other power companies had been targeted at the same time and that security services had prevented a much longer blackout in the region. Sych, who works for a consultancy that is advising the SBU on the attacks, said that power companies had not followed their own security procedures when they connected important computers to the Internet. Instead, Sych said that these critical machines should have been left within an internal network.

Eset, a security firm based in Slovakia, said earlier this month that it believes BlackEnergy, a sophisticated trojan usually delivered via malicious email attachments, was used in both the attack on Ukraine’s power grid and in an earlier incident that targeted Ukrainian news media during local elections in November.

Sych told Reuters: “A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part.”

But Sych said that there is not yet any conclusive evidence that points towards Russia being behind the attacks. He told Reuters that one email was sent from the United States, whilst another originated from a German university.

Sych further believes that an insider within the energy industry may be involved.

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

Sych said that to know what kind of software was installed, and to know what type of malware to test on the software, an insider must have carried out “preliminary investigations”.

Hackers then sent emails to workers at the power companies that contained infected Word or Excel files, disguised as correspondence from the ministry of energy in Ukraine.

Tech Week Europe:
