A power outage which hit the Ukraine in December 2016 has been found to be the cause of a cyber attack, with the investigation into the outage pointing to a huge impending threat on critical infrastructure across the world.
Confirmation of the hack on the Ukrainian power facility in 2016, confirmed by sources to Motherboard, follows the huge December 2015 power outage which was the result of an attack on a Ukrainian distribution facility. The 2015 attack affected around 230,000 people, with the finger of blame pointed at the Russian government.
Hitting almost a year after the mega 2015 attack, the 2016 hack hit the Pivichna substation outside Kiev, cutting power and leaving those living in Kiev and the surrounding area in the dark for an hour. Although smaller in impact, the repeat attack on a Ukrainian power facility has led experts to believe that hackers are using the region as a test bed for bigger attacks in the future.
“The confirmation that the Ukrainian December outage has been identified as a cyber attack is a worrying development,” said Alex Matthews at Positive technologies.
“However the real concern is the reports that the region is being used as a test bed, which must be viewed as a very real warning for all ICS protectors, regardless of where in the world they are.”
The fact that hackers may be testing techniques and methods for bigger and more effective future attacks is all the more alarming seeing as vulnerabilities clearly exist in existing infrastructure. At the core of the 2015 attack were connected devices, with the hackers replacing legitimate firmware with malicious firmware on serial-to-Ethernet converters at substations. It is here, connected devices, where the vulnerability in critical infrastructure is found.
“Far too many internet-connected devices are vulnerable to hackers, our research confirms one in three, add to this the challenge that it takes just two days to find a new SCADA flaw – yet almost a year to get it fixed, and the vulnerability of our critical infrastructure is evident,” said Mr Matthews.
“If hackers are using regions like the Ukraine as test beds for bigger and more malicious future attacks, then it is all the more critical for ICS and SCADA networks to take steps to reduce that risk now.”
With the investigation into the 2016 attack not yet complete, it would be foolhardy for critical infrastructure owners to wait for further disclosures. The two main facts are that hackers may be testing attacks, with said attacks exposing vulnerabilities which need to be resolved now. SCADA attacks, if successful, would impact all citizens and businesses, which is why the time to act is now. Calling on those in the industry to come together to find solutions, Mr Matthews said:
“There is a real need for critical infrastructure owners, hardware vendors, information security experts and government officials to all work together to create industry security programs that will keep everyone safe, firmly slamming the door in the hackers face.”