Malware has found a way to infiltrate nearly every part of society. Since computers and advanced technologies are being used within every industry, there are more opportunities than ever for hackers and their malicious programs to take advantage of vulnerabilities. One of the biggest dangers is malware that could used to take control of important infrastructure systems like the power grid, building security systems and roadways, to name only a few.
If malicious actors found a way to infiltrate these important areas of society, the result could be catastrophic. In the past, hackers have been able to send reconnaissance programs into industrial networks to steal data. Recently, however, two power distribution companies in Ukraine came under serious fire from a dangerous piece of code leaving many to wonder what the societal and political ramifications could be.
The details: What are industry experts saying?
In December, just before the holiday season, two power distribution companies in Ukraine found that hackers had somehow found a way to control their systems and cut power to around 80,000 people, according to Wired. Some operator workstations were also affected, making it harder for teams to get the grid back online following the incident. There were denial-of-service attacks also levied against the call centers associated with these companies, so that customers would have a harder time reporting the outage. The Ukrainian government almost immediately blamed Russia for the incident, but it remains unconfirmed whether that is actually the case.
Many security experts are calling this the first widespread coordinated attack against industrial networks – Wired contributor Kim Zetter speculated that such an incident could lead to questions about whether or not the energy systems in the U.S. itself were secure from these kinds of cyber crimes.
More reconnaissance malware
This isn't the only malware strain possibly targeting the energy sector, however. A January report indicated that a program called Trojan.Laziok had been set against industrial networks in the Middle East region, according to ZDNet contributor Charlie Osborne. The job of the Trojan was to gather information and data from companies' computer networks.
"Laziok acts as a reconnaissance tool which allows cyber attackers to infiltrate computer systems and steal data concerning computer systems themselves so hackers can choose whether to continue the assault or not with the overall aim of finding and stealing trade secrets," Osborne wrote.
This Trojan has mostly been pitted against networks in the United Arab Emirates, Saudi Arabia and Kuwait, but organizations within the U.K.and U.S. have also been targeted. Since Laziok is simply a reconnaissance malware, it isn't responsible for taking any industrial networks offline. However, this does show an increasing amount of attention being paid to these kinds of companies.
Not just utilities: Everyone is in danger
The December cyber attack against the two power distribution companies in Ukraine was heralded as possibly the first large-scale attack within the industrial sector. According to Trend Micro researchers, however, the malicious activity against Ukraine's power grid is just the tip of the iceberg. It's possible that the incidents were perpetrated using a strain of malware called BlackEnergy. While Zetter speculated that BlackEnergy may not be responsible for the attacks, research conducted by Trend Micro indicated that similar issues had happened recently involving this malware, so it's possible that they might have been carried out by the same hackers behind the Ukrainian utilities attack.
The power distribution companies aren't the only ones that have been affected by BlackEnergy. In 2015, researchers found that BlackEnergy was being used to steal data from companies in the energy industry, according to Dark Reading. Most recently, Trend Micro researchers discovered that a similar strain of malware was levied against a large Ukrainian mining company in November 2015, along with a different malicious program called KillDisk, which wipes the hard drive of an infected machine clean. Trend Micro researchers determined that the malware that infected systems of the mining outfit, and of a large railway operator in a different event, is being used by the same actors.
If the same actors are using BlackEnergy to target businesses within the energy industry, the real danger lies in the ramifications for society in general. Companies within both the public and private sectors are susceptible to attacks from these hackers, making it clear that organizations need to be prepared for such an event.
"BlackEnergy has evolved from being just an energy sector problem; now it is a threat that organizations in all sectors public and private should be aware of and be prepared to defend themselves from," Trend Micro researchers noted. "While the motivation for the said attacks has been the subject of heavy speculation, these appear to be aimed at crippling Ukrainian public and critical infrastructure in what could only be a politically motivated strike."
When hackers take advantage of vulnerabilities within the energy sector, more than just money is on the line. Investing in security solutions and maintaining firewalls is critical to securing the infrastructure of our society against those who would do it harm.