News / Europe

    National Power Grids Increasingly Targeted in Cyber Attacks

    Related Articles

    Russia Suspected in First-ever Cyberattack on Ukraine’s Power Grid

    If Ukraine's grid was intentionally sabotaged, it could be classified as an act of war

    Cyber Hacking Likely to Grow in Frequency, Sophistication

    US intelligence community foresees ongoing, low-to-moderate level cyber-attacks over time

    Analysts Warn Middle East Hackers Trying to Attack US Infrastructure

    Concern about vulnerable, critical assets, millions of digital operational networks that control everything from water treatment to manufacturing to electric grid

    Ukraine’s electric power grid is once again under cyberattack, just one month after a similar incident successfully brought down portions of the system and left millions in the dark.

    Worse, researchers studying the attacks say the malware believed responsible – a new version of the so-called BlackEnergy bug – has likely spread to numerous European power grids and is poised to infect many more.

    The attacks and spreading malware have left cybersecurity analysts scrambling to determine not only which systems are at greatest risk, but who might be responsible.

    “We need to assume it’s already being deployed around Europe,” says Udi Shamir, co-founder and chief security officer for the cybersecurity firm SentinelOne. “This is cyber-warfare; we need to wake up and see that this is war.”

    Shamir and his team recently completed a total reverse engineering of the new BlackEnergy3 bug – a technique often used by analysts to learn how bugs work, and possibly who wrote it.

    What they discovered is that BlackEnergy3 is using the same Microsoft Office vulnerability to spread as its earlier, and less sophisticated, versions, BE1 & BE2. Shamir says that’s unusual, because Microsoft patched that hole in 2014.

    “There are a few possible explanations,” Shamir told VOA. “First, these just might be old systems that haven’t been updated.  Second, someone on the inside might be intentionally spreading this. And third, it’s possible these bugs have been sleeping in systems for months on end, and they’re only now waking up.”

    Attribution is notoriously difficult with malware, making it very difficult to conclusively prove who is behind these attacks; however, researchers at the cybersecurity firm iSight previously found similarities between earlier versions of BlackEnergy and the Russian-linked Sandworm malware that targeted NATO infrastructure back in 2014.

    Shamir found the same similarities in BlackEnergy3, providing his team with “suggestions” of Russian involvement. “The code-style, the clustering, yeah it looks like Russia,” Shamir said. “I’m pretty confident that the origin is from Russia, but I don’t have any bulletproof evidence.”

    More troublesome, Shamir says this latest version of BlackEnergy is “modular,” making it much easier for hackers to quickly change how the malware works, and significantly harder for security analysts to find and root it out.

    “You can update it, you can replace it, you can change it, you can even change its entire functionality,” said Shamir. “So if you have a sleeper in one industrial network, it can get a totally new command module and infect other systems,” he said.

    It’s that ever-changing nature of the malware that’s making it so difficult to figure out how exactly how it works, and what systems within the power grids it’s infecting and disabling.

    Most worrisome, says Shamir, is the fact that the majority of BlackEnergy3’s computer coding doesn’t involve infecting and interfering with the industrial command and control systems that make power grids and other heavy industry work. Rather, it appears designed to conduct highly sophisticated monitoring and recording of data – a tactic known as “sniffing.”

    “It can detect and record network traffic, steal user credentials and documents if they’re working in a non-encrypted fashion, and exfiltrate all that data,” said Shamir. “That could allow (the hackers) to adjust BlackEnergy3 on the fly. It’s clearly more geared to espionage, and that’s what worries us, because we don’t know where it is now.”

    Traditionally, utilities and nation-states are reluctant to publicly confirm that their critical infrastructure is vulnerable to cyberattack, making it that much more difficult for researchers to track BlackEnergy3’s spread and activities.

    SentinelOne’s Udi Shamir, however, and many other cybersecurity analysts, say they are sure the bug will continue to spread, and that will lead to many more blackouts and “mysterious” malfunctions in national power grids, transportation, and other industrial infrastructure.

    Doug Bernard

    Doug Bernard covers cyber-issues for VOA, focusing on Internet privacy, security and censorship circumvention. Previously he edited VOA’s “Digital Frontiers” blog, produced the “Daily Download” webcast and hosted “Talk to America”, for which he won the International Presenter of the Year award from the Association for International Broadcasting. He began his career at Michigan Public Radio, and has contributed to "The New York Times," the "Christian Science Monitor," SPIN and NPR, among others. You can follow him @dfrontiers.

    You May Like

    US-Russia Tensions Complicate Syria War

    With a shared enemy and opposing allies, Russia and the US are working to avoid confrontation

    Video Re-opening Old Wounds in Beirut's Bullet-riddled Yellow House

    Built in neo-Ottoman style in 1920s, it is set to be re-opened in Sept. as ‘memory museum’ - bullet-riddled walls and bunkered positions overlooking city’s notorious ‘Green Line’ maintained for posterity

    Cambodian-Americans Lobby for Human Rights Resolution

    Resolution condemns all forms of political violence in Cambodia, urges Cambodian government to end human rights violations, calls for respect of press freedom

    This forum has been closed.
    There are no comments in this forum. Be first and add one

    Featured Videos

    Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
    Brexit Vote Plunges Global Markets Into Uncharted Territoryi
    June 24, 2016 9:38 PM
    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Brexit Vote Plunges Global Markets Into Uncharted Territory

    British voters plunged global markets into unknown territory after they voted Thursday to leave the European Union. The results of the Brexit vote, the term coined to describe the referendum, caught many off guard. Analysts say the resulting volatility could last for weeks, perhaps longer. Mil Arcega reports.

    Video Orlando Shooting Changes Debate on Gun Control

    It’s been nearly two weeks since the largest mass shooting ever in the United States. Despite public calls for tighter gun control laws, Congress is at an impasse. Democratic lawmakers resorted to a 1960s civil rights tactic to portray their frustration. VOA’s Carolyn Presutti explains how the Orlando, Florida shooting is changing the debate.

    Video Tunisian Fishing Town Searches for Jobs, Local Development Solutions

    As the European Union tries to come to grips with its migrant crisis, some newcomers are leaving voluntarily. But those returning to their home countries face an uncertain future.  Five years after Tunisia's revolution, the tiny North African country is struggling with unrest, soaring unemployment and plummeting growth. From the southern Tunisian fishing town of Zarzis, Lisa Bryant takes a look for VOA at a search for local solutions.

    Video 'American Troops' in Russia Despite Tensions

    Historic battle re-enactment is a niche hobby with a fair number of adherents in Russia where past military victories are played-up by the Kremlin as a show of national strength. But, one group of World War II re-enactors in Moscow has the rare distinction of choosing to play western ally troops. VOA's Daniel Schearf explains.

    Video Experts: Very Few Killed in US Gun Violence Are Victims of Mass Shootings

    The deadly shooting at a Florida nightclub has reignited the debate in the U.S. over gun control. Although Congress doesn't provide government health agencies funds to study gun violence, public health experts say private research has helped them learn some things about the issue. VOA's Carol Pearson reports.

    Video Trump Unleashes Broadside Against Clinton to Try to Ease GOP Doubts

    Recent public opinion polls show Republican Donald Trump slipping behind Democrat Hillary Clinton in the presidential election matchup for November. Trump trails her both in fundraising and campaign organization, but he's intensifying his attacks on the former secretary of state. VOA National Correspondent Jim Malone reports.

    Video Muslim American Mayor Calls for Tolerance

    Syrian-born Mohamed Khairullah describes himself as "an American mayor who happens to be Muslim." As the three-term mayor of Prospect Park, New Jersey, he believes his town of 6,000 is an example of how ethnicity and religious beliefs should not determine a community's leadership. Ramon Taylor has this report from Prospect Park.

    Video Internal Rifts Over Syria Policy Could Be Headache for Next US President

    With the Obama administration showing little outward enthusiasm for adopting a more robust Syria policy, there is a strong likelihood that the internal discontent expressed by State Department employees will roll over to the next administration. VOA State Department correspondent Pam Dockins reports.

    Video Senegal to Park Colorful ‘Cars Rapide’ Permanently

    Brightly painted cars rapide are a hallmark of Dakar, offering residents a cheap way to get around the capital city since 1976. But the privately owned minibuses are scheduled to be parked for good in late 2018, as Ricci Shryock reports for VOA.

    Video Florida Gets $1 Million in Emergency Government Funding for Orlando

    The U.S. government has granted $1 million in emergency funding to the state of Florida to cover the costs linked to the June 12 massacre in Orlando. U.S. Attorney General Loretta Lynch announced the grant Tuesday in Orlando, where she met with survivors of the shooting attack that killed 49 people. Zlatica Hoke reports.

    Video How to Print Impossible Shapes with Metal

    3-D printing with metals is rapidly becoming more advanced. As printers become more affordable, the industry is partnering with universities to refine processes for manufacturing previously impossible things. A new 3-D printing lab aims to bring the new technology closer to everyday use. VOA's George Putic reports.

    Video Big Somali Community in Minnesota Observes Muslim Religious Feast

    Ramadan is widely observed in the north central US state of Minnesota, which a large Muslim community calls home. VOA Somali service reporter Mohmud Masadde files this report from Minneapolis, the state's biggest city.

    Special Report

    Adrift The Invisible African Diaspora