ESET Publishes Technical Details on the Newly Identified Virus

June 16, 2017

by Margarita Fournier, Copyright 2016 by Competitive Assets, LLC.  All rights reserved

Recently, there have been reports that a firm in Europe discovered a highly damaging virus intended to strike at electric utilities. Considering the importance of the news, we decided to dig deeper into the matter. Indeed, from its 12/6/17 press release, we learn that “ESET researchers have been analyzing samples of dangerous malware (detected by ESET as Win32/Industroyer, and named ‘Industroyer’) capable of performing an attack on power supply infrastructure.” Apparently, this malware is capable of acts similar to those of the malware used in the December 2016 cyberattack on Ukraine’s power grid, which deprived part of its capital, Kiev, of power for over an hour. The researchers have yet to confirm whether this is, in fact, the same virus. ESET, an Internet security firm in Slovakia, also published additional technical details and analysis in a separate article and in a comprehensive white paper on ESET’s blog, WeLiveSecurity.com. (Further reading about the malware and Indicators of Compromise may be found in ESET’s comprehensive white paper and on GitHub.)

Even the shorter article is well worth a read, though, as it provides information on the structure and functionalities of the malware, concluding that: “Industroyer is highly customizable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analyzed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTEC devices used in electrical substations and other related fields of application.”

While the firm categorizes this virus as the most serious one since the infamous Stuxnet (developed in the West against Iran), it does not identify perpetrators in this case. Industry press, such as TD World and Digital Journal, also reported the news without attribution. Interestingly, the Washington Post decided to headline its article by implicating, yet again, unknown Russian hackers, although it conducted no additional analysis of the virus, nor does it offer any tangible proof. Given how serious this matter can potentially be, even a casual reader – not to mention technical staff – can certainly appreciate the necessity of factual reporting, without unsubstantiated distractions.
