News / Europe

    National Power Grids Increasingly Targeted in Cyber Attacks

    Related Articles

    Russia Suspected in First-ever Cyberattack on Ukraine’s Power Grid

    If Ukraine's grid was intentionally sabotaged, it could be classified as an act of war

    Cyber Hacking Likely to Grow in Frequency, Sophistication

    US intelligence community foresees ongoing, low-to-moderate level cyber-attacks over time

    Analysts Warn Middle East Hackers Trying to Attack US Infrastructure

    Concern about vulnerable, critical assets, millions of digital operational networks that control everything from water treatment to manufacturing to electric grid

    Ukraine’s electric power grid is once again under cyberattack, just one month after a similar incident successfully brought down portions of the system and left millions in the dark.

    Worse, researchers studying the attacks say the malware believed responsible – a new version of the so-called BlackEnergy bug – has likely spread to numerous European power grids and is poised to infect many more.

    The attacks and spreading malware have left cybersecurity analysts scrambling to determine not only which systems are at greatest risk, but who might be responsible.

    “We need to assume it’s already being deployed around Europe,” says Udi Shamir, co-founder and chief security officer for the cybersecurity firm SentinelOne. “This is cyber-warfare; we need to wake up and see that this is war.”

    Shamir and his team recently completed a total reverse engineering of the new BlackEnergy3 bug – a technique often used by analysts to learn how bugs work, and possibly who wrote it.

    What they discovered is that BlackEnergy3 is using the same Microsoft Office vulnerability to spread as its earlier, and less sophisticated, versions, BE1 & BE2. Shamir says that’s unusual, because Microsoft patched that hole in 2014.

    “There are a few possible explanations,” Shamir told VOA. “First, these just might be old systems that haven’t been updated.  Second, someone on the inside might be intentionally spreading this. And third, it’s possible these bugs have been sleeping in systems for months on end, and they’re only now waking up.”

    Attribution is notoriously difficult with malware, making it very difficult to conclusively prove who is behind these attacks; however, researchers at the cybersecurity firm iSight previously found similarities between earlier versions of BlackEnergy and the Russian-linked Sandworm malware that targeted NATO infrastructure back in 2014.

    Shamir found the same similarities in BlackEnergy3, providing his team with “suggestions” of Russian involvement. “The code-style, the clustering, yeah it looks like Russia,” Shamir said. “I’m pretty confident that the origin is from Russia, but I don’t have any bulletproof evidence.”

    More troublesome, Shamir says this latest version of BlackEnergy is “modular,” making it much easier for hackers to quickly change how the malware works, and significantly harder for security analysts to find and root it out.

    “You can update it, you can replace it, you can change it, you can even change its entire functionality,” said Shamir. “So if you have a sleeper in one industrial network, it can get a totally new command module and infect other systems,” he said.

    It’s that ever-changing nature of the malware that’s making it so difficult to figure out how exactly how it works, and what systems within the power grids it’s infecting and disabling.

    Most worrisome, says Shamir, is the fact that the majority of BlackEnergy3’s computer coding doesn’t involve infecting and interfering with the industrial command and control systems that make power grids and other heavy industry work. Rather, it appears designed to conduct highly sophisticated monitoring and recording of data – a tactic known as “sniffing.”

    “It can detect and record network traffic, steal user credentials and documents if they’re working in a non-encrypted fashion, and exfiltrate all that data,” said Shamir. “That could allow (the hackers) to adjust BlackEnergy3 on the fly. It’s clearly more geared to espionage, and that’s what worries us, because we don’t know where it is now.”

    Traditionally, utilities and nation-states are reluctant to publicly confirm that their critical infrastructure is vulnerable to cyberattack, making it that much more difficult for researchers to track BlackEnergy3’s spread and activities.

    SentinelOne’s Udi Shamir, however, and many other cybersecurity analysts, say they are sure the bug will continue to spread, and that will lead to many more blackouts and “mysterious” malfunctions in national power grids, transportation, and other industrial infrastructure.


    Doug Bernard

    dbjohnson+voanews.com

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    Video Democrats Clinton, Kaine Offer 'Very Different Vision' Than Trump

    In a jab at Trump, Clinton says her team wants to 'build bridges, not walls'; Obama Hails Kaine's record; Trump calls Kaine a 'job-killer'

    Turkey Wants Pakistan to Close Down institutions, Businesses Linked to Gulen

    Thousands of Pakistani students are enrolled in Gulen's commercial network of around two dozen institutions operating in Pakistan for over two decades

    AU Passport A Work in Progress

    Who will get the passport and what the benefits are still need to be worked out

    This forum has been closed.
    Comments
         
    There are no comments in this forum. Be first and add one

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    In State of Emergency, Turkey’s Erdogan Focuses on Spiritual Movementi
    X
    July 22, 2016 11:49 AM
    The state of emergency that Turkish President Recep Tayyip Erdogan has declared is giving him even more power to expand a purge that has seen an estimated 60,000 people either arrested or suspended from their jobs. VOA Europe correspondent Luis Ramirez reports from Istanbul.
    Video

    Video In State of Emergency, Turkey’s Erdogan Focuses on Spiritual Movement

    The state of emergency that Turkish President Recep Tayyip Erdogan has declared is giving him even more power to expand a purge that has seen an estimated 60,000 people either arrested or suspended from their jobs. VOA Europe correspondent Luis Ramirez reports from Istanbul.
    Video

    Video Scientists in Poland Race to Save Honeybees

    Honeybees are in danger worldwide. Causes of what's known as colony collapse disorder range from pesticides and loss of habitat to infections. But scientists in Poland say they are on track to finding a cure for one of the diseases. VOA’s George Putic reports.
    Video

    Video Wall Already Runs Along Parts of US-Mexico Border

    The Republican Party’s presidential nominee, Donald Trump, gained the support of many voters by saying he would build a wall to keep undocumented immigrants and drugs from coming across the border from Mexico. Critics have called his idea impractical and offensive to Mexico, while supporters say such a bold approach is needed to control the border. VOA’s Greg Flakus has more from the border town of Nogales, Arizona.
    Video

    Video New HIV Tests Emphasize Rapid Results

    As the global fight against AIDS intensifies, activists have placed increasing importance on getting people to know their HIV status. Some companies are developing new HIV testing methods designed to be quick, easy and accurate. Thuso Khumalo looks at the latest methods, presented at the International AIDS conference in Durban, South Africa.
    Video

    Video African Youth with HIV Urge More Support

    HIV, the virus that causes AIDS, is the top killer of teens in sub-Saharan Africa. But many youths say their experience with the virus is unique and needs to be addressed differently than the adult epidemic. VOA South African Correspondent Anita Powell reports.
    Video

    Video Poor Residents in Cleveland Not Feeling High Hopes of Republican Convention

    With the Republican Party's National Convention underway in Cleveland, Ohio, delegates and visitors are gathered in the host city's downtown - waiting to hear from the party's presidential candidate, Donald Trump. But a few kilometers from the convention's venue, Cleveland's poorest residents are not convinced Trump or his policies will make a difference in their lives. VOA's Ramon Taylor spoke with some of these residents as well as some of the Republican delegates and filed this report.
    Video

    Video Pop-Up Art Comes to Your Living Room, Backyard and Elsewhere

    Around the world, independent artists and musicians wrestle with a common problem: where to exhibit or perform? Traditional spaces such as museums and galleries are reserved for bigger names, and renting a space is not feasible for many. Enter ArtsUp, which connects artists with venue owners. Whether it’s a living room, restaurant, office or even a boat, pop-up events are bringing music and art to unexpected places. Tina Trinh has more.
    Video

    Video With Yosemite as Backdrop, Obama Praises National Parks

    Last month, President Barack Obama and his family visited some of the most beautiful national parks in the U.S. Using the majestic backdrop of a towering waterfall in California's Yosemite National Park, Obama praised the national park system which celebrates its 100th anniversary this year. He talked about the importance of America’s “national treasures” and the need to protect them from climate change and other threats. VOA’s Julie Taboh reports.
    Video

    Video Counter-Islamic State Coalition Plots Next Steps

    As momentum shifts against Islamic State in Iraq, discussions are taking place about the next steps for driving the terrorist group from its final strongholds. Secretary of State John Kerry is hosting a counter-IS meeting at the State Department, a day after defense ministers from more than 30 countries reviewed and agreed upon a course of action. VOA Pentagon correspondent Carla Babb reports.
    Video

    Video Russia's Participation at Brazil Olympic Games Still In Question

    The International Olympic Committee has delayed a decision on whether to ban all Russian teams from competing in next month's Olympic Games in Brazil over allegations of an elaborate doping scheme. The World Anti-Doping Agency recently released an independent report alleging widespread doping by Russian athletes at the 2014 Winter Olympics in Sochi. So far, only Russian track and field athletes have been barred from the Summer Games in Brazil. VOA's Zlatica Hoke has more.
    Video

    Video Scotland’s Booming Whisky Industry Fears Brexit Hangover

    After Britain’s vote to leave the European Union, Scotland’s government wants to break away from the United Kingdom – fearing the nation’s exports are at risk. Among the biggest of these is whisky. Henry Ridgwell reports on a time of turmoil for those involved in the ancient art of distilling Scotland’s most famous product.
    Video

    Video Millennials Could Determine Who Wins Race to White House

    With only four months to go until Americans elect a new president, one group of voters is getting a lot more attention these days: those ages 18 to 35, a generation known as millennials. It’s a demographic that some analysts say could have the power to decide the 2016 election. But a lot depends on whether they actually turn out to vote. VOA’s Alexa Lamanna reports.

    Special Report

    Adrift The Invisible African Diaspora