PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

Ukraine blackouts caused by malware attacks warn against evolving cybersecurity threats to the physical world

2024-05-17
(Press-News.org) On a cold winter night in 2016, Ukrainians experienced the first-ever known blackout caused by malicious code (malware) designed to autonomously attack the power grid. One-fifth of Kyiv’s citizens were plunged into darkness as attackers used malware to target the capital city’s power grid. Six years later, in the early months of the ongoing Russia-Ukraine war, a second attack attempted to combine kinetic and cyber attacks to take down Ukraine’s power grid.

Malware attacks against physical infrastructure have long been a looming threat in the realm of cybersecurity, but these two in Ukraine were the first attacks of their kind, and have received little attention from the academic community. Carried out by a Russian intelligence agency against Ukraine, they warn of the evolution of cyber attacks to the built world, and highlight the need to better understand and defend against this type of malware. 

A new paper presents the first study into how Industroyer One and Two, as these malware attacks are called, operated and interacted with the physical power system equipment. The paper is set to be presented on May 20 at the IEEE Symposium on Security and Privacy (the Institute of Electrical and Electronics Engineers flagship conference on cybersecurity) and was lead by a team of UC Santa Cruz students including Luis Salazar, Sebastian Castro, Juan Lozano and Keerthi Koneru, and advised by Associate Professor of Computer Science and Engineering Alvaro Cardenas. 

“I want to emphasize how vulnerable our systems are — I don’t know why this hasn’t been more impactful in terms of security awareness, and also policy and planning,” Cardenas said. “When you see a nation state designing malware to take down the power grid of another country, that seems to be a big deal. Our critical infrastructures are vulnerable to these kinds of attacks, so we need to be better prepared to defend.”

Understanding Industroyer One and Two

The malware used in the 2016 attack has been named Industoyer One, and the similar but distinct malware used in 2022 was dubbed Industroyer Two. The Five Eyes, an intelligence alliance including Australia, Canada, New Zealand, the United Kingdom, and the United States, have attributed both of these attacks to the GRU, which is Russia’s military intelligence agency.

The first attack can be seen as example of intimidation and a flex of power without warfare, Cardenas said, while the second is a look into warfare in the modern world 

“It’s an example of modern war in that it combines physical and cyber attacks,” Cardenas said. “It’s not an isolated event, these events in the cyber world and physical world are reinforcing each other to create the most damage they can. After our paper was accepted, we received notice of yet another attack that targeted Ukraine’s power grid simultaneously with a cyber attack and a kinetic attack.”

The malware attacks are not only the first and only examples of cyber attacks against a power grid, but are part of only a small number of known malware attacks against physical infrastructure in general. 

The first example of a malware attack against physical infrastructure was the Stuxnet attack discovered in 2010 and deployed some years earlier with the intention to destroy the centrifuges of a uranium enrichment plant in Iran. Before that, malware attacks had only targeted classical computing systems like IT and financial systems. 

The Industroyer attacks caused hours-long local blackouts. These types of attacks require operators to fix the problem locally and reconnect back to the main systems, and are far less catastrophic than a system collapse, in which an error cascades through the “bulk” system and could bring down an entire country’s power grid. 

“These attacks were able to create local blackouts, but so far, there hasn't been a system-wide collapse. An attack that can collapse the grid  will be far more dangerous as the whole country would be without power for several days,” Cardenas said.

Creating a sandbox for study

The UCSC researchers are not the only to study the two attacks, but Cardenas’ team found that the industry white papers did not provide satisfying answers about how the details of the malware operated and interacted with the equipment controlling the infrastructure. Their report is the first to detail exactly how the malware interacted with the physical world. 

Cardenas was able to obtain copies of the malware, which enabled the researchers to build a sandbox — a software environment that fooled the malware into thinking it was within the industry-specific environment of the Ukrainian power grid so the researchers could understand exactly how it interacted with the system. They emulated a power grid operator’s control room with remote connections to substations, as well as a substation network with local connections to electrical equipment. Their sandbox is openly available for other researchers to use. 

Using the sandbox, the researchers found similarities between the attacks, but observed a clear evolution in the malware. 

Both of the Industroyer attacks were completely automated, meaning once they were deployed there was no human involvement, and breached areas of the power grid which were designed to be disconnected from the internet to provide them higher security. Both attacks compromised a Windows computer in a substation or control room to manipulate the status of circuit breakers in the grid.

Industroyer One acted like a swiss army knife in that it could attack both older systems operating with serial lines as well as modern systems operating with modern communication systems. It was developed without a specific target and could attack directly from within a grid substation or from the control center hundreds of miles away. It expected configuration files from the system itself to guide its attack. However, these characteristics did not mean it was without flaws.

“It had this flexibility of attacking from everywhere, but we also found that it had a lot of bugs,” Cardenas said. “There were several implementation bugs that didn’t follow the protocol. Maybe it was [meant to be] very targeted, but we tested with several different types of equipment and it worked with some and not with others because of the bugs.”

Industroyer Two, on the other hand, was very specific, with its targets baked into the malware itself, eliminating the need to read configuration files. The researchers could see that it was targeting three IP addresses which coordinated with specific devices, presumably to control circuit breakers in specific substations. The bugs that were present in Industroyer One were eliminated. 

“Maybe it was because over time they had time to polish the malware to get rid of the bugs, but they also knew better what they were after,” Cardenas said. 

In observing how the Industoyer attacks targeted varied numbers of circuit breakers, the researchers found that different types of disconnection attacks can have different results in the power grid. They found that counterintuitively, shutting off all circuit breakers at once doesn't cause these big problems, as disconnecting load and generation at the same time balances out the system. More strategic attacks might aim to create imbalances, which can cause larger problems for the bulk system.

Planning future defense
 
Overall, this evolution observed in the Industroyer attacks shows that malware attacks are becoming stealthier. While both attacks targeted computers housed within control centers, researchers believe that future attackers could try to control “intelligent electronic devices” (IEDs) embedded within the systems themselves. While there is no malware targeting these for now, they might make attractive targets in the future as hackers could send them malicious commands while having them report back to the human operators that everything is working properly. 

While the Industroyer attacks happened geographically far from the United States, the distance does not ensure safety. 

“The attacks could happen here, or pretty much anywhere in the world,” Cardenas said. “Systems are now all controlled by computers and have pretty much the same technology.” 

With this in mind, the researchers are working to configure their sandbox into what is called a “honeypot,” a type of decoy software that pretends to be a working system in the operational network of a utility. System operators know not to use this decoy, so if activity is seen in the honeypot they will know it comes from an outside attacker, alerting them to the attack. 

The researchers are designing their honeypot to be generic enough to work in various control systems, such as oil refineries or water treatment systems, in addition to functioning in power grids. 

They also plan to facilitate the incorporation of AI assistants into operating networks, which would help decode and respond to attacks in real time when they occur.  

Collaborators on this project included Cardenas’ Ph.D. students Luis Salazar, Sebastian Castro, Juan Lozano, and Keerthi Koneru, as well as Emmanuele Zambon at the Eindhoven University of Technology, Bing Huang and Ross Baldick at the University of Texas at Austin, Marina Krotofil at Information Systems Security Partners, and Alonso Rojas at the Axon Group.  

END


ELSE PRESS RELEASES FROM THIS DATE:

How memories crystallize over time

2024-05-17
“Practice makes perfect” is no mere cliché, according to a new study from researchers at The Rockefeller University and UCLA. Instead, it’s the recipe for mastering a task, because repeating an activity over and over solidifies neural pathways in your brain. As they describe in Nature, the scientists used a cutting-edge technology developed by Rockefeller’s Alipasha Vaziri to simultaneously observe 73,000 cortical neurons in mice as the animals learned and repeated a given task over two weeks. The study revealed that memory representations transform from unstable to solid in ...

Gilbert Family Foundation invests $21 million to launch new research initiative focused on developing advanced disease models to accelerate cure for neurofibromatosis

2024-05-17
New initiative, launched on World NF Awareness Day, focuses on developing improved models to understand neurofibromatosis type 1 (NF1) with the goal of rapidly testing new treatments. 18 grants will be provided to leading medical research institutions in the United States and Europe. The Next-Generation NF1 Models Initiative is the Foundation’s fourth research initiative focused on accelerating a cure for neurofibromatosis. DETROIT, May 17, 2024 – Gilbert Family Foundation, a private foundation established by Dan and Jennifer Gilbert to accelerate a cure for ...

Multiple onychopapillomas and BAP1 tumor predisposition syndrome

2024-05-17
About The Study: This study found that BRCA1-associated protein (BAP1) tumor predisposition syndrome was associated with a high rate of nail abnormalities consistent with onychopapillomas (a benign tumor of the nail) in adult carriers of the disease. Findings suggest that this novel cutaneous sign may facilitate detection of the syndrome in family members who are at risk and patients with cancers associated with BAP1 given that multiple onychopapillomas are uncommon in the general population and may be a distinct clue to the presence of a pathogenic germline variant in the BAP1 gene. Corresponding Authors: To contact the corresponding authors, ...

Researchers confirm scale matters in determining vulnerability of freshwater fish to climate changes

Researchers confirm scale matters in determining vulnerability of freshwater fish to climate changes
2024-05-17
The silver chub isn’t considered sensitive to climate change on a national scale, but context matters. For example, if climate change sensitivity is evaluated in only one region of the United States, the freshwater fish appears quite a bit more susceptible.  “Relative to other species we looked at in the gulf region of the U.S., the silver chub occupied a pretty small geographic area,” said Samuel Silknetter, a Ph.D. student in biological sciences. “If we didn’t look at the climate sensitivity across multiple ...

Sweet taste receptor affects how glucose is handled metabolically by humans

Sweet taste receptor affects how glucose is handled metabolically by humans
2024-05-17
PHILADELPHIA (May 16, 2024) – The rich research portfolio of the Monell Chemical Senses Center on sweet taste goes way back: Monell scientists were one of four teams in 2001 that found and described the mammalian sweet taste receptor – TAS1R2-TAS1R3. Twenty years later in 2021, a pair of papers published in Mammalian Genome by Monell researchers covered the genetics of sugar-loving mice. The sweet taste receptor, expressed in taste bud cells, conveys sweetness from the mouth when it is activated. Earlier this month, a study in PLOS One, led by another Monell researcher, delved into how the sweet-taste receptor might be the first stop ...

STAR sees a magnetic imprint on deconfined nuclear matter

STAR sees a magnetic imprint on deconfined nuclear matter
2024-05-17
The Science Scientists have the first direct evidence that the powerful magnetic fields created in off-center collisions of atomic nuclei induce an electric current in “deconfined” nuclear matter. This is a plasma “soup” of quarks and gluons that have been set free, or “deconfined,” from nuclear matter—protons and neutrons—in the particle collisions. The magnetic fields in deconfined nuclear matter are a billion times stronger than a typical refrigerator magnet, but their effects can be hard to detect. This new study’s evidence is from measuring the way ...

CU faculty member receives prestigious award for health equity work

2024-05-17
In recognition of her exceptional work in advancing health equity, the Society of General Internal Medicine (SGIM) bestowed its 2024 Herbert W. Nickens Award to Rita Lee, MD, a University of Colorado Department of Medicine faculty member, at a May 17 meeting in Boston. “The committee has chosen to honor you as an exemplary SGIM member who has made prioritizing minority health and diversity the primary focus of your career,” Alana Biggers, MD, MPH, the chair of the award selection committee, said in a congratulatory letter to Lee. The ...

Better medical record-keeping needed to fight antibiotic overuse, studies suggest

2024-05-17
A lack of detailed record-keeping in clinics and emergency departments may be getting in the way of reducing the inappropriate use of antibiotics, a pair of new studies by a pair of University of Michigan physicians and their colleagues suggests. In one of the studies, about 10% of children and 35% of adults who got an antibiotic prescription during an office visit had no specific reason for the antibiotic in their record. The rate of this type of prescribing is especially high in adults treated seen in emergency departments and in adults seen in clinics who have Medicaid coverage or no insurance, the ...

Clinicians report success with first test of drug in a patient with life-threatening blood clotting disorder

2024-05-17
Key Takeaways Immune thrombotic thrombocytopenic purpura, a rare blood clotting disorder, results from an autoimmune attack against an enzyme called ADAMTS13 A recombinant form of human ADAMTS13 approved for a different condition helped to save the life of a young mother with immune thrombotic thrombocytopenic purpura Results from this first use of the drug for this condition—by a team led by researchers from Massachusetts General Hospital—warrants testing the drug in a clinical trial A team led by investigators from Massachusetts General Hospital, a founding member of the Mass General Brigham healthcare system, used a new drug to save the life of a patient ...

NIH study shows chronic wasting disease unlikely to move from animals to people

NIH study shows chronic wasting disease unlikely to move from animals to people
2024-05-17
WHAT: A new study of prion diseases, using a human cerebral organoid model, suggests there is a substantial species barrier preventing transmission of chronic wasting disease (CWD) from cervids—deer, elk and moose—to people. The findings, from National Institutes of Health scientists and published in Emerging Infectious Diseases, are consistent with decades of similar research in animal models at the NIH’s National Institute of Allergy and Infectious Diseases (NIAID). Prion diseases are degenerative diseases found in some mammals. These diseases primarily involve deterioration of the brain but also can affect the eyes and other organs. ...

LAST 30 PRESS RELEASES:

New prognostic model enhances survival prediction in liver failure

China focuses on improving air quality via the coordinated control of fine particles and ozone

Machine learning reveals behaviors linked with early Alzheimer’s, points to new treatments

Novel gene therapy trial for sickle cell disease launches

Engineering hypoallergenic cats

Microwave-induced pyrolysis: A promising solution for recycling electric cables

Cooling with light: Exploring optical cooling in semiconductor quantum dots

Breakthrough in clean energy: Scientists pioneer novel heat-to-electricity conversion

Study finds opposing effects of short-term and continuous noise on western bluebird parental care

Quantifying disease impact and overcoming practical treatment barriers for primary progressive aphasia

Sports betting and financial market data show how people misinterpret new information in predictable ways

Long COVID brain fog linked to lung function

Concussions slow brain activity of high school football players

Study details how cancer cells fend off starvation and death from chemotherapy

Transformation of UN SDGs only way forward for sustainable development 

New study reveals genetic drivers of early onset type 2 diabetes in South Asians 

Delay and pay: Tipping point costs quadruple after waiting

Magnetic tornado is stirring up the haze at Jupiter's poles

Cancers grow uniformly throughout their mass

Researchers show complex relationship between Arctic warming and Arctic dust

Brain test shows that crabs process pain

Social fish with low status are so stressed out it impacts their brains

Predicting the weather: New meteorology estimation method aids building efficiency

Inside the ‘swat team’ – how insects react to virtual reality gaming 

Oil spill still contaminating sensitive Mauritius mangroves three years on

Unmasking the voices of experience in healthcare studies

Pandemic raised food, housing insecurity in Oregon despite surge in spending

OU College of Medicine professor earns prestigious pancreatology award

Sub-Saharan Africa leads global HIV decline: Progress made but UNAIDS 2030 goals hang in balance, new IHME study finds

Popular diabetes and obesity drugs also protect kidneys, study shows

[Press-News.org] Ukraine blackouts caused by malware attacks warn against evolving cybersecurity threats to the physical world