Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Power Security

Ukraine Power Station Outage -- Enabled By Malware, But Not Caused By Malware (sans.org) 35

itwbennett writes: A new study of a recent cyberattack against Ukrainian power companies suggests malware didn't directly cause the outages that affected at least 80,000 customers. While malware was used to gain access to networks, the attackers then opened circuit breakers that cut power, according to information published Saturday by the SANS Industrial Control Systems (ICS) team. The attackers used direct intervention to try to mask their actions to the power systems operators and also conducted denial-of-service attacks on the utilities' phone systems to block complaints from affected customers, SANS said.
This discussion has been archived. No new comments can be posted.

Ukraine Power Station Outage -- Enabled By Malware, But Not Caused By Malware

Comments Filter:
  • by Anonymous Coward
    The malware didn't cause the outages, the circuit breakers that the malware allowed the hackers to open caused it. To me, that's a distinction without a difference.
    • Ukraine is weak

      • Ukraine is weak

        It is feeble! I think it is time to put the hurt on Ukraine...

    • by plover ( 150551 )

      It wasn't the summary's fault. It's an accurate summary of a really stupid article. But it's in CSO Online magazine, so consider the audience is not the sharpest technical group. To them, it's all technobabble.

    • To me, that's a distinction without a difference.

      There's a very clear distinction to me. It implies that this was not some complicated malware attack like Stuxnet which was specifically crafted to act as the payload. Rather it was just some malware designed to let someone in to manually do something malicious.

      The complexity of the malware alone can differentiate who is implicated in the attack and it shows that this attack is very different from some other attacks on industrial systems.

  • by Ol Olsoc ( 1175323 ) on Monday January 11, 2016 @11:21AM (#51277733)
    A very fine sharp dividing line here.

    Yes your honor, I stabbed the victim a hundred times. But it wasn't me - it was the knife that did the cutting.

    • Re:Sheesh (Score:5, Insightful)

      by aicrules ( 819392 ) on Monday January 11, 2016 @11:29AM (#51277801)
      It's more like if you leave a shim in a door on your way out of a light bulb plant, then later come back and use that door to gain access and then proceed to smash hundreds of bulbs. The shim wasn't what destroyed the light bulbs, but it sure did come in handy to let you do it when you wanted to. If the shim placed in the door then sprung to life at a predetermined time and went about smashing bulbs on its own, then that would be akin to what they were originally thinking. Overall it doesn't matter too much to the crime committed, but from a technological standpoint it means the malware had less complex behavior built into it than they were giving it credit for.
      • I'm still amazed that a system like this was accessible remotely. I know people that work for Hydro Quebec and they tell me the controls are 100% offline.

    • No, not really .. malware was one of many pieces which enabled this to happen, but the malware did not directly do the attack. The malware was used to get a foothold, and to cover their tracks. But the actual attacks were more targeted and used other things.

      This is more like someone exploiting an issue with your security system to gain access to your home so they could target your wall safe.

      The malware itself wasn't the core of the attack, but it was an enabling and contributing aspect of the actual attac

    • by sycodon ( 149926 )

      The Knife didn't kill him. It was the blood loss.

  • About all this says over what we previously knew is that apparently the attackers picked the time of the outage and then had multiple attack points to prevent the operator from being able to effectively disrupt what the attackers where doing. This is different from some virus infection that just so happed to disrupt the operation of the equipment.

    But this all matters to me why? Ukraine isn't known for it's security, physical or network. Ukraine isn't known for using the best of technology in their power

  • The attackers used direct intervention to try to mask their actions to the power systems operators and also conducted denial-of-service attacks on the utilities' phone systems to block complaints from affected customers

    Ok, this has gone far enough. Time to get James Bond involved.

  • It's *full* of moronic CEOs who want Everything Internet Enabled!!!.. and some not only do not have air gaps between the grid controls and the 'Net, but don't even know what the words "air gap" means.

                                mark

"Ada is PL/I trying to be Smalltalk. -- Codoso diBlini

Working...