Ukraine Blackout – The Future Of War

For a look at how cyber will play into armed conflict, look at the Dec. 23 attack on the Ukrainian energy sector. This was no simple hack involving celebrity emails or embarrassing personal information, but a highly coordinated and complex cyber-physical assault that knocked out power to more than 225,000 people, in a war-torn country, in the dead of winter.

Recently, the head of Southern Company, one of America’s larger regional electricity producers, said that the United States was well protected against a similar attack. But that doesn’t mean that a repeat, or a similar event, couldn’t trigger a larger conflict even if it doesn’t shut off the lights.

Cyber security researchers have pointed the finger at pro-Russian hacktivist groups. US-based iSight Partners specifically accused the Moscow-based Sandworm. But a wide variety of pro-Russian groups are working against Ukraine and Western forces; one is Cyberberkut, which has taken credit for attacks on German media and NATO sites.

So how do these groups operate? History suggests: with stealth and subtlety. Remember 2014, when masked gunmen, not officially affiliated with any larger nation-state, began waging war in Eastern Ukraine? The so-called “green men” completed their invasion before anyone was able to figure out that they were, in fact, invading.

The specific culprit in the Ukraine blackout is almost less important than the broader trend: the rise of cyber militias that work on behalf of state interests but whose veneer of independence gives governments plausible deniability.

Tom Kellermann, the CEO of Strategic Cyber Ventures, put it this way at the recent Suits and Spooks conference in Washington, DC. “There’s a cult of personality, particularly in the East. The greatest hackers in the world, the Russian-speaking blackhat community in the former Soviet bloc, are beholden to that cult of personality. They’re beholden to that cult of personality for a number of reasons. They’ve been allowed to act with impunity when hacking the US financial sector for more than 17 years in exchange for paying tribute or homage to the regime. The examples are Estonia, South Ossetia, and now Ukraine.”

But to read the way US outlets covered the Ukrainian outage, you might think that the cyber attack and the blackout occurred almost randomly. In fact, utilities and central services have emerged as a new front in the war in the Eastern part of the country. Less than a month before the Ukrainian energy outage, one occurred on the disputed Crimea peninsula. Ukrainian police blamed saboteurs.

Russian President Vladimir Putin reportedly reacted by promising to construct power lines into the region; Russian newspapers have reported that German company Siemens has a contract with the Russian government to build gas-turbine-powered plants in the Crimean cities of Sevastopol and Simferopol. Siemens reportedly refuted the claims, as building the plants would be a violation of international sanctions. Not long after that denial, Siemens became one of the key targets in the Ukraine blackout.

The primary piece of software implicated in the attack was called BlackEnergy, according to DHS’s recently released report on the incident. It’s less of a weapon than a vehicle carrying a weapon.

The BlackEnergy malware was reportedly delivered via spear phishing emails with malicious Microsoft Office attachments. It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials, the report said.

BlackEnergy is still around in 2016 because it has a modular architecture, allowing people to write different plug-ins. By itself, it’s not the sort of software that could take down a power station. Rather, it would work in concert with an add-on, a very specifically designed package; in this case, one designed to attack the control equipment of the targeted Siemens power plants.
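The delivery vector described above was spear-phishing mail carrying malicious Office attachments. As an added defensive example (not code from the article or from the DHS report), this script triages attachments by inspecting their content rather than their file extension: OOXML containers are opened as zip archives and checked for an embedded VBA project, while legacy OLE2 binaries are held for analyst review because their macro streams need a dedicated parser. The sample attachments are constructed inline.

```python
import io
import zipfile

# Paths inside an OOXML (.docx/.xlsx/.pptx family) container that mean a VBA project is embedded.
MACRO_MARKERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Legacy binary Office files (.doc/.xls/.ppt) begin with this OLE2 compound-file signature.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(name: str, data: bytes) -> str:
    """Return 'macro', 'ole2-legacy', 'clean' or 'not-office' for one attachment's bytes."""
    if data.startswith(OLE2_MAGIC):
        # Macro presence in OLE2 files needs stream parsing; hold them for review instead of guessing.
        return "ole2-legacy"
    if data[:2] != b"PK":
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "not-office"
    if "[Content_Types].xml" not in names:
        return "not-office"  # a zip, but not an OOXML package
    if any(marker in names for marker in MACRO_MARKERS):
        return "macro"  # decided by content, regardless of whether the name says .docx or .docm
    return "clean"


def build_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container for testing (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def triage(attachments):
    """Return the names of attachments that should be held before reaching the user."""
    return [n for n, d in attachments if classify_attachment(n, d) in ("macro", "ole2-legacy")]


if __name__ == "__main__":
    sample = [("invoice.docx", build_docx(True)), ("memo.docx", build_docx(False)),
              ("old.doc", OLE2_MAGIC + b"\x00" * 8), ("notes.txt", b"hello")]
    print(triage(sample))  # ['invoice.docx', 'old.doc']
```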

Still, recent attacks against US power entities are even more sophisticated than the one against Ukraine. Fanning, the head of Southern Company, pointed to a March 2015 attack on a Pacific Gas and Electric substation. The assailants broke into the station physically and then disabled the supervisory control and data acquisition, or SCADA, system before trying to damage other things.

The use of a self-destruct booby trap like KillDisk is the difference between an act of espionage—something that virtually every nation engages in—and an act of serious consequence, possibly requiring international sanctions or a response from US Cyber Command.

Think back to the Sony hack: the attackers not only took data but also destroyed it. “This is why I think many of us worry about Sony, the destructive nature of it. It wasn’t just the fun and games of, you know, what rich Hollywood executives were saying about rich Hollywood starlets, right?” Mike Rogers, the Michigan Republican who used to chair the House Intelligence Committee, said last year. “…That is equally possible in our electric grid.”

If lawmakers decide that the use of software like KillDisk is tantamount to an act of war, that could put the military in a difficult position. Adm. Michael Rogers, the head of Cyber Command, has said that offensive cyber weapons would be used proportionally and in line with the rules of conflict.

DefenseOne: The Conversation
