A new kind of malware

Kayla Matthews investigates a new wave of malware and what this means for the tech world

For years the primary concern with viruses and malware was that they might somehow attack your computer and make it unusable. However, as the attack on Kiev, Ukraine, that caused a blackout late last year shows, the concerns are now far greater.

Called “Industroyer” or “Crash Override,” this new wave of malware is an infrastructure threat to cities around the world. Here is a quick look at how it works, who is affected, and what might be done about it in the future.

How Industroyer works

The main target of the Industroyer malware is the communication protocols commonly used for energy, water, gas and transportation systems around the world. In most cases, these protocols have been around for years and don’t have much by way of security.

Industroyer gives hackers access to things such as circuit breakers and substation switches, allowing them to take full control, shut down electrical and other energy systems, and even damage equipment.

“Breakers play an important role in keeping entire communities fully functioning and connected to power sources,” said Cody Whisenhunt of BCS Switchgear.

“From light switches to motors for assembly lines, breakers help keep power from over-surging and burning things up. The worst part of an attack like this one [Industroyer] is its potential to affect so many people. We often don’t realize how much we need little-thought-of things like circuit breakers until they’re compromised.”

Regrettably, many of the protocols that run these systems weren’t designed with security and malware protection in mind. Hackers know this and look for vulnerabilities, then develop malware that can speak those protocols directly.

Industroyer is only the second known malware used to take over industrial control systems, the first being the Stuxnet computer worm used to sabotage the nuclear program in Iran.

Who Industroyer affects

Unfortunately, the Industroyer malware can directly affect large swaths of the population. Last December’s attack on Kiev reportedly left roughly one-fifth of the Ukrainian city without power.

Given that the city’s 2015 population was 2,888,000, the attack could have affected more than 577,000 people.

It’s not hard to imagine just how disruptive a city without power would be. In addition to multitudes of homes left literally in the dark, such an attack could affect manufacturing and factory production, transit systems and the general infrastructure most now take for granted.

The consequences of these attacks could be life threatening. Hospitals could lose power while doctors are in the midst of surgery. Downed traffic lights could cause accidents.

People in office buildings might be stuck in elevators. The list of possibilities is scary but very real.

Such attacks aren’t completely unexpected, however. The introduction of viruses and malware has been a concern since the consumerisation of IT was predicted years ago.

What can be done?

No matter how quickly security firms can respond to such attacks, the trick is preventing the attacks in the first place.

Since malware such as Industroyer goes after vulnerabilities in dated industrial protocols, updating those protocols seems like a logical step to take.

Rather than taking a reactive approach, city, state and federal governments around the world need to think about the bigger picture to stay a step or two ahead of malicious hackers.

In the half-year since the attack on Kiev, US officials have taken steps to help prevent a similar situation in this country. The Department of Homeland Security made it clear that Industroyer and other similar types of malware could potentially be modified to go after power systems and information networks here in the US.

Also, the National Cybersecurity and Communications Center began analyzing the risks that malware poses to US infrastructure. And the North American Electric Reliability Corporation, a regulatory authority for the electric industry, directed its members to protect their networks by limiting access.

How likely is a US attack?

Thankfully, it would be difficult for attackers to carry out a large-scale attack on the US power grid. It’s not impossible, but it definitely is difficult.

To cause a widespread outage, hackers would need inside knowledge about a whole host of digital, analog and manual systems, in many different geographical locations.

As Bryan Singer, director of industrial cybersecurity services and sales at IOActive told Security Week, “That would require a lot of information about substation automation, what systems were in use, timing requirements between substations, interconnected systems across multiple utilities, and a myriad of other data. All obtainable, but certainly a large work effort to pull off.”

All of that said, there was a time when many thought that a 9/11-style attack on US soil was impossible, so it’s important officials stay vigilant in their efforts to prevent a malware attack that brings down power systems stateside.

In the end, the events in Kiev late last year hopefully served as a bit of a wake-up call that can help prevent similar attacks in the future.

We know malware such as Industroyer preys on antiquated system protocols, so it’s essential these are updated to avoid further danger.

While it is likely hackers will attempt something similar down the road, an increase in infrastructure security could go a long way toward making sure those attacks don’t gain traction.

Kayla Matthews is a tech journalist and blogger with more than five years of writing experience. You can find her work on VentureBeat, VICE and ProductivityBytes.com.