Md. cybersecurity startup helped uncover a new threat to power grids - Technical.ly Baltimore

Jun. 15, 2017 8:17 am

Fulton-based Dragos analyzed a December attack in Ukraine, and found malware that can cause power outages. “It’s never been seen before,” said Ben Miller.

Power lines.

(Photo by Flickr user Owen Viriyincy, used under a Creative Commons license)

In December 2016, a cyber attack in Ukraine turned out the lights.

The power was restored after about an hour, but cybersecurity firms continue to analyze how the attackers caused a blackout.

Dragos was behind a key finding this week. The Fulton-based startup said in a new report that the malware used in the attack shut down parts of the power grid itself. Dragos dubbed it CRASHOVERRIDE.

“It’s never been seen before,” said Ben Miller, director of threat operations for the company, which specializes in security of industrial control systems and is supported by DataTribe.

The malware operates on a systemic level, and it was automated. Building on analysis conducted by Slovakian firm ESET, Dragos concluded that it’s capable of cutting off the flow of electricity by opening circuit breakers at power grid substations. The breakers are forced into an infinite loop, keeping them open even if operators try to close them. It also destroys files and affects the operating system of the station, making it more difficult to turn the power back on. The attack required knowledge of many different devices involved in the power grid, Miller said.

“This is actually fairly straightforward from a backdoor perspective,” he said of the process the attackers used to gain access to the system. “But that component of adding the power systems knowledge to it makes it very unique and very disruptive.”

Power can only be restored manually. While the ability to cause a blackout is alarming, the report concluded that the outages it causes would likely last “hours or days not in weeks or months.”

Dragos cofounders Jon Lavender, Robert M. Lee and Justin Cavinee. (Courtesy photo)

The threat isn’t limited to Ukraine. The malware could be used again in a different country with some modifications. Additionally, Dragos concluded that the attack in Ukraine may have been a “proof of concept,” as not all of the malware’s capabilities were used.

“This isn’t something that’s going away, so I think it’s important to understand the new capability and the importance of that,” Miller said.

The analysis concludes that the group behind the attack is called ELECTRUM. The group has ties to the Russia-based Sandworm team, which is believed to have carried out a separate attack that caused a power outage in Ukraine in 2015. Dragos doesn’t draw any conclusions about who organized the attack. For its part, Ukraine has blamed the Russian government.
