Biggest threat to industrial systems
July 2017, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management, Industrial (Industry)

ESET researchers have discovered the biggest threat to industrial control systems since Stuxnet. Industroyer is a sophisticated and extremely dangerous malware designed to disrupt critical industrial processes.

Researchers analysed samples of the malware, detected by ESET as Win32/Industroyer, capable of performing an attack on power supply infrastructure. The malware was most probably involved in the December 2016 attack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for an hour.

ESET researchers discovered Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, triggering a cascade of failures, to more serious damage to equipment.

Industroyer is a particularly dangerous threat, since it is capable of controlling electricity substation switches and circuit breakers directly. To do so, it uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure systems (such as water and gas).

These switches and circuit breakers are digital equivalents of analogue switches; technically they can be engineered to perform various functions. Thus, the potential impact may range from simply turning off power distribution, through cascading failures, to more serious damage to equipment. The severity may also vary from one substation to another.

The danger of Industroyer lies in the fact that it uses these protocols in the way they were designed to be used. The problem is that the protocols were designed decades ago, when industrial systems were meant to be isolated from the outside world, so they were not designed with security in mind. That means that the attackers didn’t need to look for protocol vulnerabilities; all they needed was to teach the malware ‘to speak’ those protocols.

Industroyer is modular malware. Its core component is a backdoor used by attackers to manage the attack: it installs and controls the other components and connects to a remote server to receive commands and to report to the attackers.

What sets Industroyer apart from other malware targeting infrastructure is its use of four payload components, which are designed to gain direct control of switches and circuit breakers at an electricity distribution substation.

Each of these components targets particular communication protocols specified in the following standards: IEC 60870-5-101, IEC 60870-5-104, IEC 61850, and OLE for Process Control Data Access (OPC DA).

Generally, the payloads work in stages whose goals are mapping the network, and then figuring out and issuing commands that will work with the specific industrial control devices. Industroyer’s payloads show the authors’ deep knowledge and understanding of industrial control systems.
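Because the protocol itself does not authenticate the sender, one compensating control is to watch the network for switching commands that come from hosts other than the known control stations. The following is an added example, not code from ESET or from this article: it parses IEC 60870-5-104 frames using the field sizes that standard fixes, and the addresses, allowlist and sample frames are constructed for illustration.

```python
import struct

# Control-direction type IDs that operate switchgear (IEC 60870-5-101/104).
COMMAND_TYPES = {
    45: "C_SC_NA_1 single command",
    46: "C_DC_NA_1 double command",
    47: "C_RC_NA_1 regulating step command",
}

def parse_apdus(payload: bytes):
    """Yield (type_id, cause, common_addr) for each I-format APDU in a TCP payload."""
    pos = 0
    while pos + 6 <= len(payload) and payload[pos] == 0x68:  # 0x68 = start octet
        length = payload[pos + 1]            # octets that follow the length field
        end = pos + 2 + length
        if length < 4 or end > len(payload):
            break                            # malformed or truncated frame
        asdu = payload[pos + 6:end]          # skip start, length, 4 control octets
        # Bit 0 of the first control octet is 0 only for I-format (data) frames.
        if payload[pos + 2] & 0x01 == 0 and len(asdu) >= 6:
            cause = asdu[2] & 0x3F           # low 6 bits, e.g. 6 = activation
            common_addr = struct.unpack_from("<H", asdu, 4)[0]
            yield asdu[0], cause, common_addr
        pos = end

def flag_commands(records, authorised_masters):
    """Return an alert for every switching command sent by an unlisted host."""
    alerts = []
    for src, payload in records:
        for type_id, cause, common_addr in parse_apdus(payload):
            if type_id in COMMAND_TYPES and src not in authorised_masters:
                alerts.append((src, COMMAND_TYPES[type_id], cause, common_addr))
    return alerts

# Constructed sample traffic (documentation addresses, hand-built frames).
STARTDT = bytes.fromhex("680407000000")
INTERROGATION = bytes.fromhex("680e0000000064010600010000000014")
SINGLE_CMD = bytes.fromhex("680e000000002d010600010001000001")
SAMPLE = [
    ("192.0.2.10", STARTDT + INTERROGATION),   # listed master polling the RTU
    ("192.0.2.10", SINGLE_CMD),                # listed master, expected command
    ("192.0.2.77", STARTDT + SINGLE_CMD),      # unlisted host issuing a command
]
AUTHORISED = {"192.0.2.10"}                    # assumed allowlist

if __name__ == "__main__":
    for alert in flag_commands(SAMPLE, AUTHORISED):
        print("ALERT", alert)
```

In practice the same check is fed from a passive tap or span port on the substation network, and the allowlist is kept per outstation rather than as one global set.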

The malware contains a few more features that are designed to enable it to remain under the radar, to ensure the malware’s persistence, and to wipe all traces of itself after it has done its job.

Industroyer is highly customisable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analysed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTEC devices used in electrical substations and other related fields of application.

Read more at www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/


Copyright © Technews Publishing (Pty) Ltd. All rights reserved.