New Malware Targeting Energy Grid Actively Evades Security Measures

It has emerged that a new strain of malware, which security researchers say was most likely created by nation-state attackers, has infected at least one European energy company. SentinelOne Labs’ searchers’ claim the malware, dubbed SFG, bears the hallmarks of a nation-state attack and is designed to bypass both traditional anti-virus software and firewalls. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB, a global network and application security provider commented below.

Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:

“I doubt anyone would disagree, taking down a power grid for an extended period of time would be disastrous for a modern society.  Most people have experienced power outages due to weather or equipment failures.  Normally they are a minor inconvenience and rarely do they result in loss of life. However, a power outage that lasted for days, weeks, or months would have an unprecedented effect on a society that depends on energy, and could potentially cause a tremendous loss of life.  Any extended outage would push that society back to the stone age.

Hospitals, datacenters, mobile and land-based communication operators, and government offices all have generators to keep the lights on when short-duration power failures are experienced.  However, those same generators will eventually run out of fuel and fail to provide energy in the event of an extended outage.

Nation states or hacker collectives that have the ability to use cyber-attacks to effect someone else’s power grid is an extremely scary scenario.  In this case, the malware that was found either entered the network via physical access or via the Internet. This scenario begs one to ask the question, “Should computing devices that control power grids be accessible to attackers on the Internet?”  In the light of this new malware, most would agree the answer should be “NO”.

So why are power company computing devices accessible to hackers or nation states? It could be due to attackers having physical access.  However, in almost every case, it’s because those computing devices are connected to the Internet in some shape or form.  Primarily this was done to improve efficiency and reduce costs for the power companies.  As a result, power companies increased profits at the cost of security.   Maybe it’s time to rethink that decision.”