In 2010, a massive threat to industrial control systems called Stuxnet spread worldwide to infect thousands of systems running Siemens software. It was a weapon developed to cripple nuclear facilities. Last year, a new threat emerged in Ukraine that rivals the danger of Stuxnet. This new threat took down a power plant for over an hour, and may have been a precursor to large-scale efforts to take down or damage power grids, as well as other types of critical infrastructure, in the future.
Industroyer is currently being analyzed by ESET, and has been linked to the power outage in Kiev in 2016. The malware is automated, modular, and scalable. It is capable of directly controlling electricity substation switches and circuit breakers by using industrial communication protocols that are common in power supply infrastructure, transportation control systems, and other critical infrastructure.
Much like Stuxnet, the malware can be used to cause shutdowns or trigger chain reactions of machine failures, meaning that it can potentially shut down systems and also damage equipment. Industroyer attacks computers via a backdoor that allows it to send and receive commands. An alternate backdoor mimics a Notepad application, and there are tools within the software to wipe traces of interference after the damage has been done.
Power companies are especially at risk, but the malware could be adapted to attack a multitude of control system targets.
According to ESET, “Industroyer is highly customisable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analyzed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTEC devices used in electrical substations and other related fields of application.”
We encourage InduSoft Web Studio users to learn more on the ESET blog regarding Industroyer.
For more insight into cybersecurity and best practices for safeguarding industrial control systems, check out the e-books authored and coauthored by InduSoft:
InduSoft Application Design and SCADA Deployment Recommendations for Industrial Control System Security – This eBook provides guidance when building and implementing HMI and SCADA systems, and describes best practices to secure them against cyber-attacks and known vulnerabilities.
Framework for SCADA Cybersecurity – This eBook will provide Critical Infrastructure customers and academic students an understanding of the NIST Cybersecurity Critical Infrastructure Framework and how to apply the framework to new and existing SCADA applications and implementations.