Monday, October 22, 2018

Power grid attacked...again



The power grid, along with other utilities, continues to not receive its due cybersecurity attention. Unfortunately, the population does not, in general, appreciate how very vulnerable a significant portion of these are. More to the point, the subsequent potential effects of a breach (i.e., no electricity for extended periods) are not appreciated... until it happens to a set of users.

Attackers
Well, this issue has two sides, as do most. While one side has not given this the appropriate level of attention, another has given this at least a baseline amount: the attackers. Recently the Kyiv power grid was attacked. From the appearances and evidence present, a well-known group was involved with this latest attack. This was allegedly the work of the Telebots and used Industroyer. This was the same malware responsible for the disk-wiping software NotPetya and BlackEnergy. The group was responsible for the 2015 blackout in Ukraine.

Telebots had been linked to Industroyer due to their recent activity. A group attempted to deploy a new backdoor titled Exaramel. This appears to be an improved version of Industroyer. This appearance is based on code similarities, shared command & control (C&C) infrastructure, and malware execution chains. While this is not 100% indicative, the point and direction are rather significant. This pattern of implementing the specific backdoor is rather telling.

Resources

Lyngaas, S. (2018, October 11). Researchers link tools used in notpetya and ukraine grid hacks. Retrieved from https://www.cyberscoop.com/telebots-eset-notpetya-ukraine-link/

Reeve, T. (2018, October 11). Kyiv power grid attack attributed to telebots through industroyer link. Retrieved from https://www.scmagazineuk.com/kyiv-powre-grid-attack-attributed-telebots-industroyer-link/article/1495836?bulletin=sc-newswire

WeLiveSecurity. (2018, October 11). New telebots backdoor: First evidence linking industroyer to notpetya. Retrieved from https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/
