Mischievous and notorious cyber-attacks have always been a point of great ordeal for every department linked to worldwide web. An example is the famous hacking of NASA and US defence system by Jonathan James. However, administrators of power stations would not have thought that a malware affecting electrical power grid can pose risk amidst this cyber attacking trend.
This presumption caught the Ukrainian power grid control system by surprise when they found out that for the first time, a power grid was also successfully hacked. This caused great ordeal for the citizens in the northern part of Ukrainian’s capital Kiev as the power was cut down for almost an hour and 15 minutes.
Making research into this incident, after thorough study, security researchers at ESET and Dragos Inc. have finally figured out the method by which the hackers were able to remotely attack the power grid in Ukraine. It might be shocking for everyone but what they have found as the culprit is nothing but merely a malware capable of doing wonders to such strong systems.
Named after its ability to cause blackouts, “Industroyer” or “CrashOverRide” is, what security researchers think, a big advancement in the field of hacking which poses risks to social stability and smooth running of government system. It is the 2nd malware after Stuxnet (malware used in attempt of hacking Iran’s nuclear facilities) that has the ability to target vital parts of a country.
This malware for electrical power grid is ingeniously designed as it does not uses any vulnerabilities in existing software. Instead it creates those vulnerabilities itself. It uses basic industrial communication protocols to cause direct harm to the integrated circuits and their programming.
According to Dragos, this malware establishes remote command and control system by ingeniously inducing components that give the ability to the hacker to control all switches and circuit breakers remotely. Even researchers at ESET seem shocked over the knowledge and depth of industrial systems that the maker of this malware affecting electrical power grid beholds.
Dragos CEO, Robert M. Lee commented that CrashOverRide has the ability to even cause blackouts lasting several days. He also thinks that governments need to take serious steps to remain safe from this malware because this malware might be used for greater purposes than the Ukraine event last December.
Considering the dilemma this malware can cause to other major infrastructure systems as well, security firms have alerted governments over ways and methods to deal with this dilemma. Let us hope the authorities come into action soon.
