Researchers at ESET have discovered a form of malware that the company says is the biggest threat to industrial control systems since Stuxnet.
The malware is called Industroyer and after analysing it ESET has said that this malware may have been responsible for an attack on the Ukrainian power grid in 2016 which left Kiev without power for an hour.
The malware controls its targets directly, using the industrial communication protocols found in power supply infrastructure, transport control systems and other critical infrastructure.
The scary part of all this is that, according to ESET, the attackers didn’t have to seek out a vulnerability; they just had to teach Industroyer to “speak” to its targets in a particular way.
“Industroyer’s dangerousness lies in the fact that it uses protocols in the way they were designed to be used. The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world. Thus, their communication protocols were not designed with security in mind,” ESET writes in a blog.
While ESET concedes that pinning the Ukrainian outage on Industroyer is tough without being at the point of attack, the malware appears to have the capabilities needed to execute such an attack.
So how exactly do you mitigate an attack that exploits the basic functionality of a system? Paul Calatayud, chief technology officer at Firemon, likens the attack to a DDoS attack and offers some advice for mitigating the risk of an Industroyer attack.
“The best way to protect these systems would be to deploy network segmentation to limit access to the ICS assets. The malware needs to be installed usually by a remote attack from outside the organisation. Limiting or preventing access would stop the ability of this attack to communicate with these systems,” says Calatayud.
The CTO goes on to say that deploying network security policy management (using one point of contact to ensure all systems have the same security settings) may also help to lessen the risk.
Beyond that, however, it’s time for industry to jump into 2017 and adopt proper security practices.

[Image – CC BY ND Michael Oakes]