“The world’s first power outage tied to a hacker attack”
Cyber-attacks are now a fact of life, whether the goal is stealing personal information or tampering with someone’s computer, and last December’s incident in Ukraine raised many concerns about whether corporations are sufficiently protected against cyber-attacks and malware.
To recap: on the 23rd of December 2015, a power blackout in Ukraine’s Ivano-Frankivsk region left roughly 230,000 customers without electricity (some early reports put the number of affected residents above a million), with outages lasting between one and six hours. According to the Ukrainian Computer Emergency Response Team (CERT-UA), the outage was the result of a hacker attack. Investigators recovered a Trojan called “BlackEnergy” from at least two utilities and suspect that MS Office documents attached to phishing emails were the delivery vector. BlackEnergy, which first appeared in 2007 as a DDoS toolkit and has since been used in several geopolitically charged operations, is crimeware turned APT tool and is in fact a backdoor.
On the 18th of January, CERT-UA issued a new alert warning other Ukrainian organizations about similar attacks. Earlier that month, the Ukrainian security firm CyS Centrum published screenshots of emails used in BlackEnergy campaigns. Several sender addresses were spoofed to appear as if they originated from the Ukrainian parliament, and the messages were designed to trick recipients into allowing a macro in an attached PowerPoint document to execute. Once the macro ran, the system was infected with the BlackEnergy malware.
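Because the lure was a macro-bearing Office attachment, the most useful check on the mail gateway or in incident triage is to look for embedded VBA projects rather than trust the file extension. The script below is an added example, not code from the article, CERT-UA or CyS Centrum. It parses modern Office files as the ZIP containers they are (a VBA project is stored as a `vbaProject.bin` part and declared in `[Content_Types].xml`), flags legacy OLE2 binaries for manual review, and runs over a handful of sample files constructed in memory; all file names and sample contents are assumptions made for the example.

```python
"""Triage Office attachments for embedded VBA macros.

Added example (not from the article, CERT-UA or CyS Centrum).  Modern Office
files (.docx/.xlsx/.pptx and the macro-enabled .docm/.xlsm/.pptm) are ZIP
containers: a VBA project is stored as a vbaProject.bin part and declared in
[Content_Types].xml.  Legacy binary files (.doc/.xls/.ppt) are OLE2 compound
files whose macro streams need a dedicated parser, so they are only flagged
for review here.  Every sample file below is constructed in memory.
"""
import io
import zipfile

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt header
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML containers are ZIP files
MACRO_MARKERS = (
    "application/vnd.ms-office.vbaProject",  # content type of the VBA part
    "macroEnabled",                          # .docm/.xlsm/.pptm main-part types
)


def inspect_attachment(data: bytes) -> dict:
    """Classify one attachment's raw bytes as allow / block / review."""
    if data.startswith(OLE2_MAGIC):
        return {"format": "ole2", "verdict": "review",
                "evidence": ["legacy binary Office file; confirm VBA with an OLE parser"]}
    if not data.startswith(ZIP_MAGIC):
        return {"format": "unknown", "verdict": "review",
                "evidence": ["not an Office container; outside this check's scope"]}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # A vbaProject.bin part is a macro project wherever it sits, even if the
            # file was renamed to .pptx and the content types were left untouched.
            evidence = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
            try:
                content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                content_types = ""
            evidence += [f"[Content_Types].xml declares {m}"
                         for m in MACRO_MARKERS if m in content_types]
    except zipfile.BadZipFile:
        return {"format": "unknown", "verdict": "review",
                "evidence": ["ZIP signature but container is corrupt or truncated"]}
    return {"format": "ooxml",
            "verdict": "block" if evidence else "allow",
            "evidence": evidence}


def build_ooxml(parts: dict) -> bytes:
    """Assemble a minimal OOXML-style ZIP from {part name: bytes} (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed [Content_Types].xml fragments: one plain .pptx, one macro-enabled .pptm.
CLEAN_TYPES = (b'<?xml version="1.0"?><Types><Override PartName="/ppt/presentation.xml" '
               b'ContentType="application/vnd.openxmlformats-officedocument.'
               b'presentationml.presentation.main+xml"/></Types>')
MACRO_TYPES = (b'<?xml version="1.0"?><Types><Override PartName="/ppt/presentation.xml" '
               b'ContentType="application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml"/>'
               b'<Override PartName="/ppt/vbaProject.bin" '
               b'ContentType="application/vnd.ms-office.vbaProject"/></Types>')

# Constructed sample attachments (names and contents are assumptions for the example).
SAMPLES = {
    "quarterly.pptx": build_ooxml({"[Content_Types].xml": CLEAN_TYPES,
                                   "ppt/presentation.xml": b"<p/>"}),
    "invite.pptm": build_ooxml({"[Content_Types].xml": MACRO_TYPES,
                                "ppt/presentation.xml": b"<p/>",
                                "ppt/vbaProject.bin": b"\x01VBA-stub"}),
    # Macro project smuggled in with the clean content types (renamed .pptm).
    "renamed.pptx": build_ooxml({"[Content_Types].xml": CLEAN_TYPES,
                                 "ppt/presentation.xml": b"<p/>",
                                 "ppt/vbaProject.bin": b"\x01VBA-stub"}),
    "invite.ppt": OLE2_MAGIC + b"\x00" * 24,
    "notes.txt": b"plain text, nothing to see",
}


def triage_all() -> dict:
    """Run the check over every sample and return {file name: verdict}."""
    return {name: inspect_attachment(data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = inspect_attachment(name and data)
        print(f"{name:15} {result['verdict']:6} {'; '.join(result['evidence']) or '-'}")
```

The two checks are deliberately independent: the content-type declaration is what Office itself honours, while the part listing catches a macro project smuggled into a file whose extension and content types look clean. A gateway that blocks on either signal would have stopped the lure described above before a user ever saw the "enable content" prompt.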
Even though investigators have not released solid evidence on who launched the malware, experts say the attack was malware-enabled but likely not malware-caused: the malware gave the attackers a foothold, while the outage itself required hands-on actions by the intruders. According to Robert Lipovsky, senior malware researcher at ESET Slovakia: “Analyzing the malware, we’ve shed some light on an operation against the Ukrainian energy sector, but what we know is only a small piece of the puzzle. Many questions have been left unanswered. But it is true that the BlackEnergy Trojan, together with an SSH backdoor and the destructive KillDisk component, which were all detected in several electricity distribution companies in Ukraine, are a dangerous set of malicious tools theoretically capable of giving attackers remote access to a company’s network.”
Most striking of all, after the attack in Ukraine, Israel was the next target. It underwent one of the most serious cyber-attacks the country has faced so far. The attack targeted the network of Israel’s Electricity Authority and was discovered on the 25th of January.
Energy minister Yuval Steinitz said: “The virus was already identified and the right software was already prepared to neutralize it. We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should”.
Even though Israel’s National Cyber Authority had warned all governmental organizations and security agencies that the country could be the target of a massive cyber-attack, officials had not yet identified any suspects behind these attacks, and the energy ministry had not provided any details about how the attack was carried out.
So what can industry do to prepare for and handle these challenges? Although many companies still underestimate what a cyber-attack against their IT systems can do, more and more operators are adopting the “air-gapped” approach, meaning fewer industrial control systems are reachable from the internet. An air gap only helps if it is real, though: the Ukrainian intrusion began with a phishing attachment opened on an ordinary office workstation, so the business network needs the same attention as the control network. In cyber security there are no static solutions. Installing all security patches promptly, reaching company servers remotely only over secured paths and encrypted protocols, and following the defensive guidance published by the major cyber security institutions are some of the steps that must be taken to prevent a breach.