What Industroyer teaches us about critical infrastructure attacks


Industroyer, the complex industrial malware recently discovered and first analyzed by ESET, gives attackers a modular, configurable way to attack systems such as the power grid. What are the implications of this?

For years, adversaries have been quietly testing the defenses of bulk critical infrastructure like gas and oil systems, hydroelectric dams and the power grid itself. The motivations behind such tests are both alarming and easy to imagine. If a malicious actor can switch off the power across a whole city, for example, that can impact a region’s ability to do business, keep the traffic signals working, keep drinking water running and so on.

The first test of this type of attack strategy was leveled against the Ukrainian power grid in 2015, cutting off customers' service by causing the related production equipment to fail. A similar attack took place in December 2016; the malware used in that case was identified by ESET as Win32/Industroyer.

In the malware world, the bad actors like to reuse effective tools for as long as possible. Because attack software is now built in a modular way, individual modules can be swapped out for others to suit a particular target. That is what makes these attacks so difficult to detect and stop: no two samples look exactly the same.

Meanwhile, the providers of critical infrastructure, already strapped by budget constraints, are faced with upgrading decades-old systems with defenses that weren't even imagined when those systems were originally built.

If your laptop gives you enough trouble, you just go buy a new one. On the other hand, if a company spends $20 million on a piece of power plant equipment, the expected lifespan might be 30 to 40 years or even more. So when such a company hears about a new, network-hardened version of the same equipment, the motivation to swap out a working, super-expensive piece of gear is understandably low.

But as companies are forced to roll out centralized management to these old, stable systems, problems can start to occur.

There are companies rolling out network defenses aimed at critical infrastructure, but as malware-based attacks have taught us, speed is everything. Scammers want maximum return on investment, and fast.

So the infrastructure providers scramble to educate their employees, train new recruits about network-based attacks, and keep the whole system running smoothly in the meantime, which is no easy task. Luckily, these providers are also starting to engage security specialists who can help them get up to speed and tune their defenses accordingly.

By working together, we hope to bring the right tools and expertise to bear on the bigger job of keeping us all a bit safer.

Interested in the full report? Check out the technical analysis on our security news site, WeLiveSecurity.com, here.

To learn more about how ESET protects against Industroyer, visit our Knowledgebase article here.

See ESET's powerful protection in action: Sign up for a live demo.