It has emerged that a new strain of malware, which security researchers say was most likely created by nation-state attackers, has infected at least one European energy company. SentinelOne Labs’ researchers claim the malware, dubbed SFG, bears the hallmarks of a nation-state attack and is designed to bypass both traditional anti-virus software and firewalls. Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB, a global network and application security provider, commented below.
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
“Hospitals, datacenters, mobile and land-based communication operators, and government offices all have generators to keep the lights on when short-duration power failures are experienced. However, those same generators will eventually run out of fuel and fail to provide energy in the event of an extended outage.
Nation states or hacker collectives having the ability to use cyber-attacks to affect someone else’s power grid is an extremely scary scenario. In this case, the malware that was found either entered the network via physical access or via the Internet. This scenario begs one to ask the question, “Should computing devices that control power grids be accessible to attackers on the Internet?” In the light of this new malware, most would agree the answer should be “NO”.
So why are power company computing devices accessible to hackers or nation states? It could be due to attackers having physical access. However, in almost every case, it’s because those computing devices are connected to the Internet in some shape or form. Primarily this was done to improve efficiency and reduce costs for the power companies. As a result, power companies increased profits at the cost of security. Maybe it’s time to rethink that decision.”