Major power outage originates from phishing email
Reports are emerging that a major power outage that occurred last month in the Ukraine was caused by a targeted malware attack. On December 23rd, approximately 700,000 homes in Western Ukraine lost power when the Prykarpattyaoblenergo electricity provider was compromised. According to The Telegraph, “It has now emerged that hackers inserted malicious software in systems used by several electricity networks, and in one case – the Prykarpattyaoblenergo network – successfully shut down power and prevented computers from rebooting, bringing the network offline.”
Forbes reports that “The malware was soon linked to a known hacker tool – BlackEnergy – that had previously been used in attempts to breach energy providers the world over, including US organizations.” Security provider ESET attributes the initial BlackEnergy infection to employees opening Microsoft Office files containing malicious code. The employees were targeted using a spear-phishing attack. A typical phishing attack involves cybercriminals posing as a trustworthy entity in electronic communication, such as a bank or service provider, in an attempt to trick users into providing sensitive information or downloading malicious software. Spear phishing uses the same style of attack but specifically targets an individual or organization: “The Ukrainian security company CyS Centrum published two screenshots of emails used in BlackEnergy campaigns, where the attackers spoofed the sender address to appear to be one belonging to Rada (the Ukrainian parliament).”
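The paragraph above names the two ingredients of the lure: a sender address spoofed to look like a trusted organization, and an Office document carrying malicious code. The following Python script is an added example of how a mail gateway or analyst could triage a message for both signs; it is not code from this article, from ESET, or from the reporting cited. The trusted domain, the message headers, the attachment and the SPF result are all constructed for the example, and the checks assume an upstream mail server records its authentication verdict in an Authentication-Results header.

```python
"""Mail triage for two spear-phishing signs: a From: address that does not
match where bounces and authentication point, and an Office attachment that
carries a VBA macro project. Every domain, header and file below is
constructed for this example; none is taken from the real campaign."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Domains whose mail is expected to authenticate cleanly (assumption).
TRUSTED_DOMAINS = {"example-parliament.test"}
MACRO_ENABLED_EXTS = (".docm", ".xlsm", ".pptm")


def _domain(addr):
    return addr.rpartition("@")[2].strip("<> ").lower()


def sender_spoof_indicators(msg):
    """Reasons the visible From: address should not be trusted."""
    reasons = []
    display, from_addr = parseaddr(str(msg.get("From", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    from_domain, rp_domain = _domain(from_addr), _domain(return_path)
    # Visible sender claims a trusted domain but bounces go somewhere else.
    if from_domain in TRUSTED_DOMAINS and rp_domain and rp_domain != from_domain:
        reasons.append(f"Return-Path domain {rp_domain} differs from From domain {from_domain}")
    # Display name embeds an address from a domain other than the real one.
    if "@" in display and _domain(display) != from_domain:
        reasons.append(f"display name shows {_domain(display)}, address is {from_domain}")
    # Upstream MTA recorded an SPF or DKIM failure (assumes it adds this header).
    auth = str(msg.get("Authentication-Results", "")).lower()
    reasons.extend(f"{m} failed" for m in ("spf", "dkim") if f"{m}=fail" in auth)
    return reasons


def office_macro_attachments(msg):
    """Filenames of attachments that are, or are packaged as, macro documents."""
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        has_vba = False
        if data.startswith(b"PK"):  # OOXML documents are zip containers
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    # Word, Excel and PowerPoint all store VBA in a vbaProject.bin part.
                    has_vba = any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
            except zipfile.BadZipFile:
                pass
        if has_vba or name.lower().endswith(MACRO_ENABLED_EXTS):
            flagged.append(name)
    return flagged


def triage(raw):
    """Parse a raw RFC 822 message and return both sets of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {"sender": sender_spoof_indicators(msg),
            "attachments": office_macro_attachments(msg)}


def build_sample_message(spoofed=True):
    """Constructed test message: a .docm-style zip with a VBA part attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    msg = EmailMessage()
    msg["From"] = "Press Office <press@example-parliament.test>"
    msg["To"] = "operator@utility.example"
    msg["Subject"] = "Session agenda"
    if spoofed:
        msg["Return-Path"] = "<bounce@mailer.example.net>"
        msg["Authentication-Results"] = "mx.utility.example; spf=fail smtp.mailfrom=mailer.example.net"
    else:
        msg["Return-Path"] = "<press@example-parliament.test>"
        msg["Authentication-Results"] = "mx.utility.example; spf=pass dkim=pass"
    msg.set_content("Please review the attached agenda before the session.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="Session_Agenda.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

Run stand-alone, the script reports a Return-Path mismatch and an SPF failure for the spoofed sample and flags the attachment because its zip contains a vbaProject.bin part; the same attachment is still flagged on a message that authenticates cleanly, since the macro check is independent of the sender checks.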
A similar story was reported by the Wall Street Journal last month, regarding the disclosure of a 2013 breach of the Bowman Avenue Dam near Rye Brook, New York. According to the paper, Iranian hackers infiltrated the control system of the “small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.” The 2013 hacking campaign did not cause any damage but did reveal extensive information to attackers about the computer systems running the dam’s flood control operations.
Reports of both attacks are an inauspicious start to the new year. Regarding the attack on the Ukraine, Forbes commented that it is “a rare public example of hackers taking out critical infrastructure and another sign of the rising digitization of warfare.” The trend suggests that this mode of attack is becoming less rare.