ESET Publishes Technical Details on the Newly Identified Industroyer Malware
June 16, 2017
by Margarita Fournier, Copyright 2016 by Competitive Assets, LLC. All rights reserved
Recently, there have been reports that a firm in Europe discovered highly damaging malware intended to strike at electric utilities. Considering the importance of the news, we decided to dig deeper into the matter. Indeed, from its 12 June 2017 press release, we learn that “ESET researchers have been analyzing samples of dangerous malware (detected by ESET as Win32/Industroyer, and named “Industroyer”) capable of performing an attack on power supply infrastructure.” Apparently, this malware is capable of the same kind of disruption as the December 2016 cyberattack on Ukraine’s power grid, which deprived part of its capital, Kiev, of power for over an hour. The researchers have yet to confirm whether this is, in fact, the malware used in that attack. ESET, an Internet security firm headquartered in Slovakia, also published additional technical details and analysis in a separate article and in a comprehensive white paper on its blog, WeLiveSecurity.com. (Further reading about the malware, including Indicators of Compromise, may be found in ESET’s white paper and on GitHub.)
Even the shorter article is well worth a read, as it describes the structure and functionality of the malware, concluding that: “Industroyer is highly customizable malware. While being universal, in that it can be used to attack any industrial control system using some of the targeted communication protocols, some of the components in analyzed samples were designed to target particular hardware. For example, the wiper component and one of the payload components are tailored for use against systems incorporating certain industrial power control products by ABB, and the DoS component works specifically against Siemens SIPROTEC devices used in electrical substations and other related fields of application.”
While the firm categorizes this malware as the most serious threat to industrial control systems since the infamous Stuxnet (developed in the West against Iran), it does not identify the perpetrators in this case. Industry press, such as TD World and Digital Journal, also reported the news without attribution. Interestingly, the Washington Post chose to headline its article by once again implicating unknown Russian hackers, although it conducted no additional analysis of the malware and offers no tangible proof. Given how serious this matter can potentially be, even a casual reader, not to mention technical staff, can certainly appreciate the necessity of factual reporting without unsubstantiated distractions.