Breaking news

Industroyer: Biggest malware threat to critical infrastructure since Stuxnet

Kiev’s December 2016 blackout becomes only the second time in history that a power grid has been disrupted via digital attack. As such, Industroyer joins the exclusive company of Stuxnet, Havex, and BlackEnergy, the only ICS-targeting malware to be publicly revealed.

June 12, 2017

On December 17th, the Ukrainian capital Kiev was hit by a blackout. Local investigators later confirmed that the energy outage was caused by a cyberattack. Shortly thereafter, ESET® researchers analyzed a sophisticated new malware, which is the main suspect in this case. They have named it Industroyer – the biggest threat to Industrial Control Systems (ICS) since Stuxnet.

This dangerous malware was developed to exploit weaknesses in those systems and the communication protocols they use – systems developed decades ago with almost no security measures.  

Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010.

ESET Senior Malware Researcher, Anton Cherepanov

Scheme of Industroyer operation - image

The relatively low impact of December 2016’s blackout stands in great contrast to the technical level and sophistication of the suspected malware behind Industroyer. The possible explanation for this – and the opinion of many security researchers- is that this was a large-scale test. True or not, this (analysis) should be a wake-up call for those responsible for the security of critical infrastructure (systems) worldwide.

ESET Senior Malware Researcher, Robert Lipovsky

Watch the interview with Senior ESET Researcher, Robert Lipovsky and learn more about this cyber threat.

Further reading

Newsroom

About ESET

For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. 

With solutions ranging from endpoint and mobile security, to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. 

ESET unobtrusively protects and monitors 24/7, updating defenses in real-time to keep users safe and businesses running without interruption.

Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET becomes the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter

Discover comprehensive ESET protection

For home

FOR HOME

For business

FOR BUSINESS

Toshiba logo
Allianz Suisse logo
Canon logo
Deloitte logo
T-com logo