Friday, February 5, 2016

Experts compete to find Ukraine grid hack 'smoking gun'

The following article has been re-published with the permission of EnergyWire
(original text available at http://www.eenews.net/energywire/stories/1060031555/)

Blake Sobczak, E&E reporter
Published: Monday, February 1, 2016

A six-hour blackout in western Ukraine has continued to puzzle investigators weeks after the lights came back on.

The Dec. 23 power outage in Ukraine's Ivano-Frankivsk region was minor by most standards, severing electricity to 80,000 households. Half a world away, windstorms were busy knocking out power to more than twice as many utility customers in northern Michigan.

But Ukraine's outage that day resulted from a complex attack combining malware, a flood of telephone calls and, perhaps, a few unwitting accomplices in grid control centers.

Ukrainian officials are dissecting the BlackEnergy strain of malware found to have infected energy, media and government organizations across the country. Authorities haven't yet offered a detailed account of Dec. 23's events, so security researchers have pieced together their own -- sometimes competing -- versions of what happened.


"We are still missing data, or maybe the authorities didn't share all the data they had," said Udi Shamir, chief security officer of SentinelOne, which has published one of the more detailed analyses of a new BlackEnergy malware variant. "The amount of people who really know what's happened ... they're really outnumbered compared to the researchers, and nobody's going to talk about it -- not in the public, not for now."

The million-dollar question for cybersecurity experts is: How did the attackers in Ukraine actually manage to cause the outage?

As Sean McBride, lead analyst for critical infrastructure at cybersecurity firm iSIGHT Partners Inc., put it at a conference last month, "We've got the dead body and the bullet hole, but no gun."

Sniffers and phishers
In its report last week, SentinelOne uncovered a "sniffer" module in BlackEnergy that shows attackers were interested in gathering login credentials and other pertinent information from industrial control systems. But researchers, including Shamir, largely agree that the BlackEnergy malware itself did not directly cause the outage. Questions also remain as to how BlackEnergy spread among power distributors in Ukraine, infecting enough machines to allow for a relatively far-ranging impact when attackers pulled the trigger.

The initial entry point into victim companies, including Ukrainian electricity provider Prykarpattyaoblenergo, appears to have been a targeted "phishing" email with a malicious Word document attached.

But Shamir said he isn't so sure employees were duped by a Microsoft Office document, suggesting instead that the unknown hackers may have had help on the inside from at least one of several utilities affected. That's because the attack vector used was more than a year and a half old, a relic from an earlier BlackEnergy campaign that also targeted energy systems in Ukraine.

If the Microsoft Office vulnerabilities really hadn't been addressed in that time -- meaning an employee could have been legitimately fooled -- "I think the people in Ukraine need to raise some very hard questions to their [computer emergency response team], because it's very alarming," Shamir said.

Analysts at Kaspersky Lab, who offered an in-depth look at the malicious Word document recovered from targeted computers, weren't surprised by the campaign's continued success.

"In general, we are seeing the use of Word documents with macros becoming more popular in [advanced, persistent] attacks," said Costin Raiu, director of Kaspersky's global research and analysis team. "For instance, recently we observed the Turla APT group using documents with macros to launch a similar type of attack. This leads us to believe that many of these attacks are successful and that this is why their popularity is increasing."

Cyber confusion?
Knowing how attackers probably got in, however, doesn't answer how they were able to shut off power, if at all. There's a huge difference between leveraging a compromised Word document to gain a foothold on a computer network, and then moving laterally along that network and reaching all the way into industrial controls, observers say.

Robert M. Lee, one of the first researchers to cite evidence that the Ukrainian power outage involved a cyberattack, has said he's moderately confident that attackers used BlackEnergy as their entry point to more critical networks.

What they did after that first step is less certain, however, according to multiple sources examining the evidence available from the attack. The hackers could have remotely hijacked the human-machine interfaces that offer windows to physical grid components, or they could have deployed some as-yet-undiscovered module for tripping breakers on the power grid. It's possible that the "smoking gun" researchers are looking for automatically destroyed itself after damaging the control systems.

All of the experts contacted by EnergyWire shared their thoughts with the caveats that what triggered the outage is still unknown and that their theories are just that -- subject to change as new evidence emerges.

Joel Langill, a specialist in control system cybersecurity and author of the SCADAhacker blog, said he thinks "malware could have been used to cause events that would have led to human decisions being made incorrectly."

In other words, he said, BlackEnergy's presence, coupled with a denial of service attack on telephone networks used for reporting outages, created an atmosphere of "cyber confusion" that may have triggered the temporary blackouts.

But even if malware didn't directly cause customers to lose power in Ukraine, Langill said utilities don't yet have reason to rest easy.

"Maybe this was a trial run, to see a proof-of-concept -- whether or not it could happen," he said. "Until we really understand the sequence of the attack, people aren't really going to understand what to do, and that's where I get a little nervous."

'One plus one plus one'
One of the best ways to recover from the new spate of BlackEnergy infections was published by the U.S. Industrial Control Systems Cyber Emergency Response Team in fall 2014.

While no evidence has emerged to suggest U.S. utilities have fallen victim to new BlackEnergy attacks, the industry has taken the Ukraine case as an opportunity to re-emphasize good security practices for grid operators. ICS-CERT even dusted off its old notice to add new information from the Ukraine threat.

"We are continuing to monitor what's going on there and look for those lessons learned," said Scott Aaronson, managing director for national security policy at the Edison Electric Institute, which represents investor-owned utilities in North America.

Aaronson pointed out how "hard" it is for researchers to put together the disparate clues and say with certainty that a cyberattack took place.

"What we know is that there was a power outage just before Christmas in Ukraine, there was a denial of service that happened in close relation to that, and malware was found on the Ukrainian utilities' systems," Aaronson said. "One plus one plus one does not necessarily equal three."

Cyberattack or not, he said, "the fact is, the power went out and they had to respond -- and we would do the same thing here."


70 comments:



  11. I suggest that they examine everyday users to evaluate the 'backdoor' being exploited. Personally, if I can't access documents or open them as I did previously I look for another way that professes to do it. Dumb but true. We aren't all proficient, but self trained.
