Microsoft says attackers are hacking energy grids by exploiting decades-old software

by Sonal Shukla

On Monday, Microsoft announced that the company detected an attack on a power plant in the United States. This attack was the result of hackers exploiting decades-old software vulnerabilities.

In its blog post about the incident, Microsoft explained that “by applying malicious code to malfunctioning systems carrying out generation control duties, cybercriminals are able to manipulate energy generation and use.”

For example, at one point attackers unplugged a generator from its grid connection and killed it by short-circuiting electricity through some equipment on site. At another point they manipulated a pressure valve so only half as much water was flowing out of a sprinkler head.

The attackers didn’t merely tamper with the controls; they actually changed how the plant operated.

Separately, security researchers have also discovered a malware program, known as Triton or Trisis, that is specifically designed to sabotage industrial control systems (ICS) at critical infrastructure sites in countries such as Ukraine and Russia. This kind of program could be used for either sabotage or espionage.

This is not something new. In fact, Microsoft’s blog post includes this warning: “These attacks underscore the increasing need for an ongoing focus on cybersecurity in critical infrastructure sectors like energy, water and manufacturing.”

Last year, we wrote about a sophisticated hacking campaign known as BlackEnergy that targeted some of the most critical US industries. According to researchers at the security firm Proofpoint, this widespread attack on industrial control systems (ICS) was carried out by state-sponsored cyberespionage group Sofacy.

In fact, Proofpoint’s chief technology officer told us that at least one of that group’s targets was a power plant. That’s because Stuxnet, the malware used in 2010 to disrupt Iran’s nuclear program, “targets different functions by looking for software modules with certain names. BlackEnergy uses the same payload that Stuxnet used.”

The problem is this: There are thousands of critical-infrastructure plants out there running decades-old operating systems, like Windows XP, which are vulnerable to all kinds of attacks, like the ones we saw against Ukraine and Russia.

“It’s not a patch or anti-virus issue,” said Robert Lipovsky, one of the security researchers who discovered Trisis. “It’s a matter of developing better technical solutions for securing control systems.”

That may be difficult because critical infrastructure sites are usually not connected to the Internet and they don’t generally have staff with technical expertise to deal with sophisticated security threats.
