By SecureWorld News Team
Tue | Sep 5, 2017 | 7:00 AM PDT

When the lights went out in parts of Ukraine last year, experts knew it was a cyberattack. But until now, they were unsure how hackers went about manipulating the power grid.

And those in government and critical infrastructure wondered if this was simply a dress rehearsal for something bigger ahead.  

 

New research now reveals that something bigger is possible, and researchers have verified the Ukraine attack was carried out by "the first ever malware framework designed and deployed to attack electric grids."

The new malware is called CRASHOVERRIDE. It identifies itself as 'crash' in multiple locations, which is how it was named.

Information from ESET and analysis by industrial controls security firm Dragos led to a detailed report called CRASHOVERRIDE - Analysis of the Threat to Electric Grid Operations.

They call the new malware a 'Swiss army knife for substation automation manipulation' that also provides tailored functionality for the hackers who take control.

"Air gapped networks, unidirectional firewalls, anti-virus in the ICS, and other passive defenses and architecture changes are not appropriate solutions for this attack. No amount of security control will protect against a determined human adversary. Human defenders are required," the report says.

The report says humans are needed to work around outages the malware creates because it isolates substations into islands. Humans will need to manually operate each of the isolated substations or else the hackers will maintain control.

Outages could be expected to last for hours or as long as days, and researchers say this malware could easily be repurposed now across Europe and parts of the Middle East, with only minor tweaks needed to attack the U.S. power grid.

 

 
