When the lights went out in parts of Ukraine last year, experts knew it was a
And those in government and critical infrastructure wondered if this was simply a dress rehearsal for something bigger ahead.
New research now reveals that something bigger is possible and researchers have verified the Ukraine attack was carried out by, "The first ever malware framework designed and deployed to attack electric grids."
The new malware is called CRASHOVERRIDE. It
Information from ESET and analysis by industrial controls Security Firm Dragos lead to a detailed report called CRASHOVERRIDE - Analysis of the Threat to Electric Grid Operations.
They call the new malware a 'Swiss army knife for
"Air gapped networks, unidirectional firewalls, anti-virus in the ICS, and other passive defenses and architecture changes are not appropriate solutions for this attack. No amount of security control will protect against a determined human adversary. Human defenders are required," the report says.
The report says humans are needed to work around outages the malware creates because it isolates substations into islands. Humans will need to manually operate each of the isolated
Outages could be expected to last for hours or as long as days and researchers