Six months on from a hacking attack that caused a blackout in Kiev, Ukraine, security researchers have warned that the malware used in the attack would be “easy” to adapt to cripple infrastructure in other nations.
The discovery of the malware, dubbed “Industroyer” and “Crash Override”, highlights the vulnerability of critical infrastructure, just months after the WannaCry ransomware took out NHS computers across the UK.
Industroyer, analysed by researchers from Slovakia’s ESET and the US’s Dragos, is only the second known case of a virus built and released specifically to disrupt industrial control systems. The first was Stuxnet, a worm that sabotaged the Iranian nuclear programme and was thought to have been built by the US and Israel.
The virus attacks electricity substations and circuit breakers using industrial communication protocols which are standardised across a number of types of critical infrastructure – from power, water and gas supply to transportation control.
Those control protocols date back decades, to long before security practices such as encryption and authentication were standardised. Their only real security feature involves sequestering them on networks that aren’t directly connected to the internet; but as the need for economic efficiency has pressed in, even that has been jettisoned.