Hi-Tech Security Solutions Business Directory


Biggest threat to industrial systems
July 2017, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management, Industrial (Industry)

ESET researchers have discovered the biggest threat to industrial control systems since Stuxnet. Industroyer is a sophisticated and extremely dangerous malware designed to disrupt critical industrial processes.

Researchers analysed samples of the malware, detected by ESET as Win32/Industroyer, capable of performing an attack on power supply infrastructure. The malware was most probably involved in the December 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour.

ESET researchers discovered Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.

Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).

These switches and circuit breakers are digital equivalents of analogue switches; technically they can be engineered to perform various functions. Thus, the potential impact may range from simply turning off power distribution, through cascading failures, to more serious damage to equipment. The severity may also vary from one substation to another.

The danger of Industroyer lies in the fact that it uses protocols in the way they were designed to be used. The problem is that these protocols were designed decades ago, and back then industrial systems were meant to be isolated from the outside world. Thus, their communication protocols were not designed with security in mind. That means that the attackers didn’t need to look for protocol vulnerabilities; all they needed was to teach the malware ‘to speak’ those protocols.

Industroyer is modular malware. Its core component is a backdoor used by attackers to manage the attack: it installs and controls the other components and connects to a remote server to receive commands and to report to the attackers.

What sets Industroyer apart from other malware targeting infrastructure is its use of four payload components, which are designed to gain direct control of switches and circuit breakers at an electricity distribution substation.

Each of these components targets particular communication protocols specified in the following standards: IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OLE for Process Control Data Access (OPC DA).

Generally, the payloads work in stages whose goals are mapping the network, and then figuring out and issuing commands that will work with the specific industrial control devices. Industroyer’s payloads show the authors’ deep knowledge and understanding of industrial control systems.
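Since the commands themselves are protocol-valid, monitoring has to key on who sends control-direction traffic rather than on malformed packets. The sketch below is an added example, not code from the article or from ESET: it parses IEC 60870-5-104 frames and flags interrogation and switching commands from hosts outside an allowlist. The allowlist, IP addresses and sample frames are constructed assumptions.

```python
import struct

# Assumed allowlist of legitimate IEC 104 masters (constructed address).
AUTHORIZED_MASTERS = {"10.0.5.10"}

# Control-direction ASDU type IDs defined in IEC 60870-5-101/104.
CONTROL_TYPES = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    100: "C_IC_NA_1 general interrogation",
}

def parse_i_frame(apdu: bytes):
    """Return (type_id, cause, common_addr, ioa) for an I-format APDU, else None."""
    if len(apdu) < 15 or apdu[0] != 0x68 or apdu[1] != len(apdu) - 2:
        return None                      # too short for an ASDU, or bad start/length
    if apdu[2] & 0x01:
        return None                      # S- or U-format frame: carries no ASDU
    # ASDU header: type, VSQ, cause of transmission, originator, common address.
    type_id, _vsq, cot, _orig, common_addr = struct.unpack_from("<BBBBH", apdu, 6)
    ioa = int.from_bytes(apdu[12:15], "little")   # information object address
    return type_id, cot & 0x3F, common_addr, ioa

def review(frames):
    """frames: iterable of (source_ip, apdu_bytes). Returns a list of alert dicts."""
    alerts = []
    for src, apdu in frames:
        parsed = parse_i_frame(apdu)
        if parsed is None:
            continue
        type_id, cause, common_addr, ioa = parsed
        if type_id in CONTROL_TYPES and src not in AUTHORIZED_MASTERS:
            alerts.append({"src": src, "command": CONTROL_TYPES[type_id],
                           "cause": cause, "common_addr": common_addr, "ioa": ioa})
    return alerts

# Constructed sample capture (not taken from the article or any real incident).
SAMPLE = [
    ("10.0.5.10", bytes.fromhex("680e0000000064010600010000000014")),  # known master, interrogation
    ("10.0.5.77", bytes.fromhex("680e020000002d010600010001000001")),  # unlisted host, single command
    ("10.0.5.77", bytes.fromhex("680407000000")),                      # U-format STARTDT, no ASDU
]

if __name__ == "__main__":
    for alert in review(SAMPLE):
        print(alert)
```
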

The malware contains a few more features that are designed to enable it to remain under the radar, to ensure the malware’s persistence, and to wipe all traces of itself after it has done its job.

Industroyer is highly customisable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analysed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTEC devices used in electrical substations and other related fields of application.

Read more at www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/


Copyright © Technews Publishing (Pty) Ltd. All rights reserved.