WWIII Weapon of destruction: Highly destructive malware used to knock out power to thousands of homes in Ukraine! First known instance of someone using malware to generate a power outage.

Tuesday, January 5, 2016
By Paul Martin

TheBigWobble.org

iSIGHT’s report suggests a troubling escalation in malware-controlled conflict that has consequences for industrialized nations everywhere.

Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. The outage left about half of the homes in the Ivano-Frankivsk region of Ukraine without electricity, Ukrainian news service TSN reported in an article posted a day after the December 23 failure.
The report went on to say that the outage was the result of malware that disconnected electrical substations.
On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators.
They said the malware led to “destructive events” that in turn caused the blackout.
If confirmed, it would be the first known instance of someone using malware to generate a power outage.
“It’s a milestone because we’ve definitely seen targeted destructive events against energy before - oil firms, for instance - but never the event which causes the blackout,” John Hultquist, head of iSIGHT’s cyber espionage intelligence practice, told Ars. “It’s the major scenario we’ve all been concerned about for so long.”
Researchers from antivirus provider ESET have confirmed that multiple Ukrainian power authorities were infected by “BlackEnergy,” a package discovered in 2007 that was updated two years ago to include a host of new functions, including the ability to render infected computers unbootable.
More recently, ESET found, the malware was updated again to add a component dubbed KillDisk, which destroys critical parts of a computer hard drive and also appears to have functions that sabotage industrial control systems.
The latest BlackEnergy also includes a backdoored secure shell (SSH) utility that gives attackers permanent access to infected computers.
Until now, BlackEnergy has mainly been used to conduct espionage on targets in news organizations, power companies, and other industrial groups.
While ESET stopped short of saying the BlackEnergy infections hitting the power companies were responsible for last week’s outage, the company left little doubt that one or more of the BlackEnergy components had that capability.
In a blog post published Monday, ESET researchers wrote: Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that it is theoretically capable of shutting down critical systems.
