Tech Trends: Hacking the Lights Out
Recently, it was reported that North Korea was exploring ways to penetrate our electrical grid – most likely to position the country to launch a preemptive or retaliatory cyber-attack. The article, available at www.securityinfowatch.com/12374400, describes a spear phishing attack sent to people in the electric utility industry that used fake fundraiser invitations containing malware. The story suggests that this was the first such attempt by the North Koreans, although this technique has been used previously by Russian hackers.
As a refresher, spear phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
It is difficult for me to believe this is North Korea’s first attempt; in fact, their cyber warfare capability has been clear for some time and gained notoriety after the Sony hack. If the Russians have the capability to take down a power grid, it is not an unreasonable assumption that North Korea has access to many of the same tools.
It is helpful to look at a recent set of events to understand how this can work, and a 2015 directed cyberattack on the Ukrainian power grid provides a good example. That attack cut power to 225,000 customers; a smaller attack followed a year later, in Dec. 2016, in Kiev.
For integrators who help protect critical infrastructure, this is must-read and must-understand stuff; for integrators who service less regulated but still cyber-vulnerable clients, it should serve as an illustration of their responsibilities to help clients craft effective cybersecurity best practices.
Phishing Attack Leads to SCADA Exploit
The first steps in the Dec. 2015 attack in Ukraine were taken the previous spring with a spear-phishing campaign targeting IT staff and system administrators working for Ukrainian power distribution companies. A malicious Word document contained in the email, if opened, would display a popup asking users to enable macros in the document. The macros were designed to infect the target machine with a malware program called BlackEnergy3 and open a backdoor.
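The initial vector described above was a macro-bearing Word attachment. One control an integrator can put in front of a client's mail flow is to inspect Office attachments for embedded VBA regardless of the file extension, since a macro-enabled document can be renamed to look like a plain .docx. The following is an added example written for this column, not code from the article or from any vendor; the sample documents it builds are constructed, minimal OOXML packages, and the function names (`macro_indicators`, `should_quarantine`) are this example's own.

```python
"""Flag Office (OOXML) attachments that carry VBA macros, by content not by extension.

Added example for this article; the sample documents are constructed in memory.
"""
import io
import zipfile
from typing import List

# Real OOXML content types: the first is a plain Word document,
# the second is the macro-enabled variant used by .docm files.
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
VBA_PART = "word/vbaProject.bin"  # where Word stores the VBA project inside the zip


def build_sample(macro_enabled: bool) -> bytes:
    """Build a constructed, minimal OOXML zip, optionally with a VBA project part."""
    main_ct = DOCM_MAIN if macro_enabled else DOCX_MAIN
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
           if macro_enabled else "")
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if macro_enabled:
            # Constructed stand-in bytes; a real vbaProject.bin is an OLE container.
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0 constructed placeholder")
    return buf.getvalue()


def macro_indicators(data: bytes) -> List[str]:
    """Return the reasons an attachment looks macro-enabled (empty list if none)."""
    reasons: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            # Indicator 1: a VBA project part anywhere in the package.
            for name in names:
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append(f"vba part present: {name}")
            # Indicator 2: the package declares a macro-enabled content type.
            if "[Content_Types].xml" in names:
                ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
                if "macroEnabled" in ct or "vbaProject" in ct:
                    reasons.append("macro-enabled content type declared")
    except zipfile.BadZipFile:
        # Not an OOXML package at all (could be legacy .doc, or not Office).
        reasons.append("not a valid OOXML zip")
    return reasons


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy: hold any Office attachment whose content shows macros,
    even when the extension claims a macro-free format such as .docx."""
    indicators = macro_indicators(data)
    if "not a valid OOXML zip" in indicators:
        # Hand legacy binary formats to an OLE-aware scanner instead; here we
        # only decide on OOXML packages, so do not quarantine on this alone.
        return False
    return any(i.startswith("vba part") or "macro-enabled" in i for i in indicators)


if __name__ == "__main__":
    for label, doc in (("plain", build_sample(False)), ("macro", build_sample(True))):
        print(label, "->", macro_indicators(doc), "quarantine:", should_quarantine("invite.docx", doc))
```

The policy looks at package contents, not the file name, because the extension is attacker-controlled. This handles only the zip-based OOXML formats; legacy binary .doc files are OLE containers and need a parser such as oletools' olevba, which is why the example declines to decide on a non-zip input rather than silently passing it.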