Hard Lessons From The Cyberattack On Ukraine

The ongoing investigation into a cyberattack that experts have linked to a December blackout in Ukraine reveals how vulnerable other power suppliers are to malware attacks. A cyberattack linked to a December blackout in Ukraine signals new dangers for critical infrastructure operators such as power suppliers and other utilities, experts said recently.

The fact is that many supervisory control and data acquisition (SCADA) systems – the type compromised in the Ukrainian attacks and utilized at countless other power facilities – aren't designed to be secure against digital attacks, said security researcher Peiter Zatko, also known by his hacker nom de guerre Mudge.

"They were designed to be in isolated environments that don't talk with the outside world," said Mr. Zatko. "You didn't want these to be connected to the Internet."

Zatko spoke at an event recently cosponsored by Passcode and Harvard University's Belfer Center for Science and International Affairs to further explore the Ukraine cyberattack that many experts believe led to power outages for some 80,000 customers in the western region of Ivano-Frankivsk for nearly six hours.

The incident has sent shockwaves throughout the critical infrastructure sector in the US and beyond, and follows recent reports of hackers linked to Iran breaching networks at a dam outside Rye, N.Y., and at the major power supplier Calpine Corp. Renewed concerns about digital threats to the power grid have also led the Pentagon's Defense Advanced Research Projects Agency (DARPA) to devote $77 million to helping utilities defend against and recover from future cyberattacks.

A former security researcher at DARPA, Zatko said that many critical infrastructure companies have simply ignored security patches for industrial networks and that often companies making software for these facilities aren't security conscious enough. "The developers writing the code aren't thinking about security."

It also appears that Ukrainian facilities involved in the attack weren't following industry guidelines that could prevent hackers from gaining access to essential systems. Reuters recently reported that power utilities in Ukraine ignored their own rules regarding "air gaps" – separating critical control systems from the Internet – before December's attack.

Analysts still aren't certain of the exact timeline of the Ukraine attack. But according to research from SANS Institute, a nonprofit that specializes in cybersecurity training, attackers breached SCADA systems at the facilities, deployed malware to infect and damage servers, and attacked call centers at the utilities with a distributed denial of service attack.

Oleh Sych, a consultant to Ukrainian government officials investigating the attack, told Reuters that hackers probably used phishing e-mails designed to trick power operators into clicking on malicious documents, thus allowing them access to the network.

The cybersecurity intelligence firm iSightPartners said the group behind the attack could be connected to the Russia-linked Sandworm Team, which conducts cyberespionage operations. While many experts agree that the cyberattack led to the power outage, there's still no consensus about how the hackers actually shut down parts of the power grid.

"We've never had to deal with a cyberattack against the grid that took the power down," said Robert M. Lee, chief executive officer of Dragos Security and an instructor for the SANS Institute, who participated in the Monday event. "If the US power grid was ever impacted in more than one region, we couldn't recover that easily."

In a survey of 500 security leaders at critical infrastructure firms conducted by TrendMicro and the Organization of American States in 2015, 53 percent of responses indicated that attacks had increased over the past year. But despite the uptick in reports of breaches into utilities, experts said recently that cyber threat intelligence in the critical infrastructure sector has not improved much – as has been the case with companies in other industries.

"The thing that bothers me is that we’re not looking into those environments," said Lee. "It's not trivial to take down the power grid."

CSMonitor: 