– A few years ago it was difficult to imagine that a break in the supply of gas or electricity, or communication problems in a city, could be the result of hacking. Today we are seeing more and more break-ins aimed specifically at the critical infrastructure of various states. Recently a very serious incident took place in Ukraine – Mariusz Rzepka, director of FORTINET for Poland, Ukraine and Belarus, told newsrm.tv.
In December, a power outage occurred in several regions of western Ukraine as a result of the failure of 57 power substations. At first the cause was thought to be "noise" in the monitoring system caused by one of the plants.
Later, however, it was established that it was a hacker attack on the ICS systems of these power plants. On January 4, 2016, the Ukrainian branch of CERT (CERT-UA) confirmed the cause of the failure. This incident is considered the first proven case of an interruption in the supply of electricity caused by a cyber attack.
This advanced, well-planned attack consisted of 3 stages:
– infecting systems by spear-phishing, using MS Office documents attached to e-mails. The files contained malicious macro commands;
– taking over the system and preventing its recovery by deleting the file system on the control systems;
– DDoS (Distributed Denial of Service) attacks aimed at the customer service centers of the various power plants, carried out in the form of massive bogus phone calls, which delayed the moment at which the company detected the problem.
It was found that these attacks used the BlackEnergy malware family, known since 2007. In 2014, other variants of it were also detected, which collect information about SCADA infrastructure.
In December 2015, two reports were published on attacks against ICS systems in the United States. Both concerned reconnaissance attacks, i.e. attacks intended not to damage systems but to obtain information.
The first of these reports describes a previously unacknowledged attack on the Bowman Avenue Dam in New York in 2013. While the dam itself was not damaged, the cybercriminals searched the infected computers, probably in order to collect specific information. It was also confirmed that the attack was carried out by Iranian hackers.
In the second case, analysis of a computer belonging to a contractor of Calpine, the largest US producer of electricity from natural gas and geothermal sources, showed that the computer had been attacked by hackers, who stole the company's data. The stolen information was found on one of the FTP servers belonging to the cybercriminals, which had been in contact with the infected systems. It included user names and passwords for remote access to Calpine's networks, as well as detailed drawings of the network and of 71 power stations across the United States.