TECH TUESDAY: Dangerous Malware Used Against The Ukraine Power Grid

Stanislav Ostranitsa


Code is more than the heart and soul of what makes a computer function; it is something like the combination of digital DNA, a private journal, and an EKG of your operating system, your word processor, your spreadsheet, and your most relied-upon application. A lot is happening in the code running your servers. This is why, when a server falls under a malicious attack, digital forensics is called upon to deduce what happened and how to prevent it from happening again.

Remember back in December 2016, when attackers hacked a transmission substation in Ukraine? Malicious hackers cut electricity for tens of thousands of customers for about an hour, around midnight. Researchers examining the responsible code say the outage was caused by a modular toolkit composed of multiple components, each aimed at a different target. Think of it as a MIRV for servers. This toolkit, once deployed, ran automated attacks against the industrial control systems that manage electric grids.

This toolkit didn't exploit software vulnerabilities to do its dirty work the way most malware does. Instead, it spoke four communication protocols commonly used in industrial control systems in Europe, the Middle East, and Asia, and used them as designed to issue commands to grid equipment. This means the attackers could use the same toolkit against those regions, and may already have done so. The 2016 attack on Ukraine's power grid is believed to have been a test for refining attacks on critical infrastructure around the world, and that is troubling. Unlike breaches tailored to a single victim, the responsible code and its delivery method are directly applicable to numerous systems in Europe, most of the Middle East, and most of Asia. The US uses a different communication protocol for its substations, but that doesn't make our infrastructure immune to the same kind of assault. With a little tweaking, the same toolkit could be used here as well.
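Because the toolkit issued well-formed commands over ICS protocols rather than triggering a bug, a signature-based IDS has little to match on; the useful check is on what the protocol is being used for. The following is an added example written for this article, not code from the original page, from the malware, or from any vendor. It parses IEC 60870-5-104 frames (one of the four protocols the toolkit spoke) and raises an alert when a control-direction command arrives from a host that is not a known SCADA master, or when the same information object receives repeated execute commands, which is what cycling a breaker looks like on the wire. The IP addresses, the allow-list of masters, the threshold of three commands and the sample frames are all constructed assumptions for the demonstration.

```python
"""IEC 60870-5-104 control-command monitor (added example; not from the article)."""
from collections import defaultdict

# ASDU type identifiers in the control (master -> outstation) direction.
CONTROL_TYPES = {45: "C_SC_NA_1", 46: "C_DC_NA_1", 47: "C_RC_NA_1", 48: "C_SE_NA_1",
                 49: "C_SE_NB_1", 50: "C_SE_NC_1", 51: "C_BO_NA_1",
                 58: "C_SC_TA_1", 59: "C_DC_TA_1", 60: "C_RC_TA_1", 61: "C_SE_TA_1",
                 62: "C_SE_TB_1", 63: "C_SE_TC_1", 64: "C_BO_TA_1"}

# Size in bytes of the information element that follows each 3-byte IOA.
ELEMENT_SIZE = {1: 1, 45: 1, 46: 1, 47: 1, 48: 3, 49: 3, 50: 5, 51: 5, 100: 1,
                58: 8, 59: 8, 60: 8, 61: 10, 62: 10, 63: 12, 64: 12}


def parse_apdu(data):
    """Parse one IEC 104 APDU; return None for S/U frames, unknown types or malformed input."""
    if len(data) < 6 or data[0] != 0x68 or data[1] + 2 != len(data):
        return None
    if data[2] & 0x01:            # control octet 1 ends in 1: S- or U-format, no ASDU
        return None
    asdu = data[6:]
    if len(asdu) < 6 or asdu[0] not in ELEMENT_SIZE:
        return None
    type_id, vsq = asdu[0], asdu[1]
    sq, count = vsq >> 7, vsq & 0x7F          # SQ=1: one IOA, then consecutive elements
    size = ELEMENT_SIZE[type_id]
    pdu = {"type_id": type_id, "cot": asdu[2] & 0x3F,
           "common_addr": asdu[4] | (asdu[5] << 8), "objects": []}
    pos, ioa = 6, None
    for i in range(count):
        if sq == 0 or i == 0:
            if pos + 3 > len(asdu):
                return None
            ioa = asdu[pos] | (asdu[pos + 1] << 8) | (asdu[pos + 2] << 16)
            pos += 3
        elem = asdu[pos:pos + size]
        if len(elem) != size:
            return None
        pos += size
        obj = {"ioa": ioa + i if sq else ioa}
        if type_id in (45, 46, 58, 59):        # SCO/DCO: bit 7 = select(1) / execute(0)
            obj["select"] = bool(elem[0] & 0x80)
            obj["state"] = elem[0] & (0x01 if type_id in (45, 58) else 0x03)
        pdu["objects"].append(obj)
    return pdu


def inspect(packets, allowed_masters, toggle_threshold=3):
    """packets: iterable of (src_ip, dst_ip, apdu bytes). Returns a list of alert strings."""
    alerts, seen_rogue = [], set()
    executed = defaultdict(int)              # (dst, common address, IOA) -> execute count
    for src, dst, raw in packets:
        pdu = parse_apdu(raw)
        if pdu is None or pdu["type_id"] not in CONTROL_TYPES:
            continue
        name = CONTROL_TYPES[pdu["type_id"]]
        if src not in allowed_masters and (src, dst) not in seen_rogue:
            seen_rogue.add((src, dst))
            alerts.append(f"{name} control command from non-master {src} to {dst}")
        for obj in pdu["objects"]:
            if obj.get("select"):            # a select alone changes nothing in the field
                continue
            key = (dst, pdu["common_addr"], obj["ioa"])
            executed[key] += 1
            if executed[key] == toggle_threshold:
                alerts.append(f"{toggle_threshold} executed commands to {dst} "
                              f"CA={key[1]} IOA={key[2]}: possible breaker cycling")
    return alerts


def build_iframe(ns, nr, asdu):
    """Wrap an ASDU in an APCI I-format header (sequence numbers stored as N<<1, LSB first)."""
    ns, nr = ns << 1, nr << 1
    return bytes([0x68, 4 + len(asdu), ns & 0xFF, ns >> 8, nr & 0xFF, nr >> 8]) + asdu


def single_object_asdu(type_id, ioa, element, common_addr=1, cot=6):
    """Build an ASDU carrying one information object (COT 6 = activation)."""
    return bytes([type_id, 0x01, cot, 0x00, common_addr & 0xFF, common_addr >> 8,
                  ioa & 0xFF, (ioa >> 8) & 0xFF, ioa >> 16]) + bytes(element)


# Constructed sample traffic, not a real capture. 10.0.1.10 is the assumed legitimate
# SCADA master, 10.0.2.20 an RTU, 10.0.1.77 a compromised workstation; all made up.
SAMPLE_PACKETS = [
    ("10.0.2.20", "10.0.1.10", build_iframe(0, 0, single_object_asdu(1, 1001, [0x01], cot=3))),  # M_SP_NA_1 spontaneous
    ("10.0.1.10", "10.0.2.20", build_iframe(0, 1, single_object_asdu(45, 1001, [0x01]))),        # master: single command ON
    ("10.0.1.77", "10.0.2.20", bytes([0x68, 0x04, 0x07, 0x00, 0x00, 0x00])),                    # STARTDT act (U-frame)
    ("10.0.1.77", "10.0.2.20", build_iframe(0, 0, single_object_asdu(46, 1001, [0x81]))),        # double command, select OFF
    ("10.0.1.77", "10.0.2.20", build_iframe(1, 0, single_object_asdu(46, 1001, [0x01]))),        # execute OFF
    ("10.0.1.77", "10.0.2.20", build_iframe(2, 0, single_object_asdu(46, 1001, [0x02]))),        # execute ON
]

if __name__ == "__main__":
    for alert in inspect(SAMPLE_PACKETS, allowed_masters={"10.0.1.10"}):
        print("ALERT:", alert)
```

Run against the sample traffic, the monitor raises one alert for the workstation issuing commands at all and a second when the same breaker object has been executed three times. The source allow-list is the weaker of the two checks: the toolkit ran from a machine inside the control network, and if that machine is the SCADA server itself, only the behavioural check (commands to the same object in quick succession) still fires.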

This attack is the equivalent of a warning shot across our bow. We need to be ready now.

What we are seeing here is a broad-based vulnerability across all of our infrastructure as it becomes more and more dependent on the Internet. This portends trouble in the future, as it is believed the wars of tomorrow will be fought on digital fronts. If a country wanted to carry out an attack against a rival, the aggressor would not reveal its ability to bring down the power grid ahead of time; keeping that capability hidden is an advantage. At the moment it chose to launch a full assault, a toolkit like this one could be delivered, bringing down the power grid and wreaking havoc in the target country.

Our vulnerability is very much a reality here, and we must be careful about how comfortable we are with our belief that our infrastructure is secure. Ukraine is proving to be a test bed for all manner of malicious cyberattacks. Certainly, we need to secure our power grid, a matter the Department of Homeland Security has been talking about for years.



A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratford University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.