Ukraine - More Cyber Attacks

Emblem of the Ministry of Fuel and Energy of Ukraine

Consultant working for government claims energy companies ignored their own security rules in power grid hack, as more attacks are predicted to come.

The cyber attacks that took down sections of Ukraine’s power grid last December, leaving hundreds of thousands of people without power, were able to happen because of poor security practices within the country’s energy companies, according to a consultant who works for government investigators.

The consultant also warned that further attacks could take place, and that a fourth Ukrainian energy company was attacked with the malware last October.

Spoof

Oleh Sych said that companies ignored their own security rules, and hackers were able to spoof energy ministry emails. “This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

An attack on December 23 left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours. It was the first public case of a cyber attack affecting a country’s energy supply.

Ukraine’s security service SBU said Russia was behind the attack, and the energy ministry in Kiev said last week it has set up a commission to investigate the incident. Russia has yet to comment on the matter, but relations between the two countries have declined since Russia annexed

Crimea in 2014

SBU said other power companies had been targeted at the same time and that security services had prevented a much longer blackout in the region. Sych, who works for a consultancy that is advising the SBU on the attacks, said that power companies had not followed their own security procedures when they connected important computers to the Internet. Instead, Sych said that these critical machines should have been left within an internal network.

Eset, a security firm based in Slovakia, said earlier this month that it believes BlackEnergy, a sophisticated trojan usually delivered via malicious email attachments, was used in both the attack on Ukraine’s power grid and in an earlier incident that targeted Ukrainian news media during local elections in November.

Sych told Reuters: “A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part.”

But Sych said that there is not yet any conclusive evidence that points towards Russia being behind the attacks. He told Reuters that one email was sent from the United States, whilst another originated from German university.

Sych further believes that an insider within the energy industry may be involved.

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

Sych said that to know what kind of software was installed, and to know what type of malware to test on the software, an insider must have carried out “preliminary investigations”.

Hackers then sent emails to workers at the power companies that contained infected Word or Excel files, disguised as correspondence from the ministry of energy in Ukraine.

Tech Week Europe:

« What Should You Do If Your Business Is Hacked? (£)
Computer Blind Spots (£) »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

CERT-SE

CERT-SE

CERT-SE is the national and governmental Computer Security Incident Response Team of Sweden.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Qatar Computing Research Institute (QCRI)

Qatar Computing Research Institute (QCRI)

QCRI perform cutting-edge research in such areas as Arabic language technologies, social computing, data analytics, distributed systems, cyber security and computational science and engineering.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Ensconce Data Technology (EDT)

Ensconce Data Technology (EDT)

EDT’s focus is on providing solutions to properly sanitize Solid State Drives (SSD) and Magnetic Drives (HDD) before they are disposed or redeployed.

Glilot Capital Partners

Glilot Capital Partners

Glilot Capital Partners is an Israeli seed and early-stage VC. We specialize in businesses which disrupt enterprise technology, mainly in the fields of AI, big data and cybersecurity.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

Cyberwatch Finland

Cyberwatch Finland

Cyberwatch Finland's services improve decision-makers’ strategic situational picture and enable successful holistic cyber risk management.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.