View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

The bigger, badder Stuxnet? Industroyer malware poised to destroy industry like never before

This new malware is so sophisticated that it can be configured to attack specific industrial systems.

By Tom Ball

IT Security Company ESET has discovered a strain of malware called Industroyer, which could prove to be the greatest cyber threat to critical infrastructure since the notorious Stuxnet.

Specifically designed to interfere with critical infrastructure, Industroyer has the technical potential to be more formidable than Stuxnet, as it is configurable to specific industrial systems, rather than being limited to individual industries.

Stuxnet was a malicious computer worm that was first identified in 2010. The worm is most well known for the catastrophic damage inflicted upon Iran’s nuclear program.

Industroyer is able to take direct control of electricity substation circuit breakers using industrial communication protocols. These protocols are used globally in power supply infrastructure and transportation control systems, but also in areas such as water and gas.

The bigger, badder Stuxnet? Industroyer malware poised to destroy industry like never before

The Industroyer malware poses a threat to a vast number of people with its ability to attack infrastructure such as water and power plants; the prospect of attack such as this is becoming ever more realistic following attacks like the SCADA attack on the Ukrainian power grid in 2015.

In a blog post by ESET, the conclusion was formed that ‘it’s highly probable that Industroyer was used in the December 2016 attack on the Ukranian power grid’.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
READ MORE: SCADA cyber attacks: Eugene Kaspersky warns of global blackout

A test facility within a university in the United States has already proven the possibility of hackers accessing the systems of a water plant, and adjusting the levels of chlorine in the supply.

The protocols that Industroyer works upon were designed decades ago, before cyber security was considered a necassary factor to be included in their creation.

Andrew Clarke, EMEA Director at One Identity said: “There is no doubt that malware has progressively become more sophisticated—the latest variant to grab the headlines “Industroyer” or Crash Override as it is also known; seems to be a big leap forward.   Unlike Stuxnet, it does not appear to be built for a specific attack; it is modular; automated and appears to be configurable to target different types of industrial systems – so far electrical power grids.    It was likely used to close down the power grid in parts of Kiev, Ukraine in December 2016.”

Addressing the process required to defend this critical infrastructure, Paul Edon, Director at Tripwire said: “Post design security is always a much greater challenge than the “security by design and default” that we would expect today. However, the majority of attacks can still be defended against by employing the same strategy as that used for the enterprise i.e. “Security Best Practise”, “Defence in Depth” and “ Foundational Controls”.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.