It has been reported that hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems. The malware, which researchers have named CrashOverride, is known to have disrupted an energy system in Ukraine last December. Ladislav Zezula, Malware Researcher at Avast, commented below.
Ladislav Zezula, Malware Researcher at Avast:
“CrashOverride, after infiltrating the computer that controls the electric power system, sends a ‘turn off’ command to the power system controller. This results in a blackout.
“The malware also has the capability to damage the controller PC beyond the point of being bootable, which means that recovering from the blackout is not possible within a short time period.
“A targeted system can be infected in many ways, including via spear phishing, or via an infected USB flash drive.
“The malware is designed to use standards IEC 60870-5-101, IEC 60870-5-104 and IEC 61850. These standards specify communication and monitoring protocols for industrial power systems. Any targeted power system that implements these standards could be attacked by the malware, whether it is American or not. The success of an attack using this malware depends on whether a device supports these standards or not. If it doesn’t, the malware would have to be tailored and specifically tested to work with the particular power systems from the particular manufacturer.
“It is unlikely to affect the development of cybercrime in general. The mainstream trend of cybercrime is to get money, one way or another, whether it be through ransomware, bankers, spam, unwanted ads, or identity theft. This kind of malware does not help the cybercriminals behind it earn any money – its aim is to damage the targeted facility. Furthermore, developing malware like this requires access to the industrial systems that it is supposed to work with, which malware authors typically do not have access to.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.