17 January 2017

Researchers confirm that Ukraine outage was cyber attack


Security teams have also linked the incident to a string of other hacks

Security researchers have confirmed the powercut suffered by the Ukrainian capital of Kiev was indeed the result of a cyber attack.

Information Systems Security Partners (ISSP), investigating on behalf of national energy company Ukrenego, reported that not only was the incident the work of malicious hackers, it was also linked to a campaign of similar attacks throughout the country.

The power outage, which occurred last December, took out around one fifth of the city's power for just over an hour. The attack closely mirrors the BlackEnergy hack, an attack on another Ukrainian power station that left around 700,000 homes without power in December 2015.

"The attacks in 2016 and 2015 were not much different," ISSP's Oleksii Yasnskiy told BBC News: "The only distinction was that the attacks of 2016 became more complex and were much better organised."

Alongside the two power outages, the security firm stated that further attacks on targets such as a national pension fund, government ministries and the national railway that happened throughout December were also linked. According to Ukrainian president Petro Poroshenko, the country's state apparatus was targeted roughly 6,500 times in the last two months of 2016.

He blamed the incidents on Russia, claiming that the country was waging a 'cyber war' with Ukraine. Many within the security community also suspected Russian involvement in the BlackEnergy hacks.

"While this second attack on the Ukrainian power grid is concerning, the string of attacks across high value targets in the Ukraine is more disturbing," said Tripwire's senior director of product management, Tim Erlin. "From finance to rail, the series of attacks has targeted Ukraine's critical infrastructure. When attackers can cause an outage, we're not talking about data protection; we're talking about human safety."

22/12/2016: Ukranian power outage result of energy system hack

Ukranian energy firm Ukrenergo has said a power outage in the northern side of Kiev may have been the work of hackers.

The company's director, Vsevolod Kovalchuk, said the outage was caused by external actors, who managed to take control of the system through its data network, resulting in a “failure in automation control". This meant engineers had to switch it to manual mode so they could take back control. Some power was restored within 30 minutes, while all customers reported their energy was back up and running after an hour and 15 minutes.

Other potential reasons for the supply going down include faulty equipment, but an investigation by authorities should find the root of the problem in the coming days.

If they do dsicover a hack was at fault, it has exposed how criminals are able to take control of entire power systems and they could also use it to disrupt water or gas supplies.

Lewis Henderson, consultant at Glasswall Solutions, warned a similar attack was possible in this country.

"UK power, gas and water utilities now have thousands of internet-connected devices any of which hackers will regard as a potential gateway into main command and control systems," he said. "We need to wake up to the seriousness of these threats. The attack on the Ukraine could be seen as a test of the hackers’ ability to penetrate more sophisticated systems, so action is needed now.

"Every utility in Europe needs to act fast and adopt far more effective security, conventional anti-virus defences just don’t work anymore against these new threats.”

Ukraine is no stranger to attacks on its power system. In January, it was revealed by Symantec that a Trojan called Trojan.Disakil was used to take down three substations owned by a number of the Ukraine's biggest energy suppliers.

No comments: