Malware poses critical threats
SLOVAKIA/UNITED STATES: Two cyber security firms have uncovered malicious software that they believe caused a December 2016 power outage in Ukraine, and are warning the malware could be easily modified to harm critical infrastructure operations around the globe.
ESET, a Slovakian anti-virus software maker, and Dragos, an American critical infrastructure security firm, yesterday released detailed analyses of the malware, known as Industroyer or Crash Override, and issued private alerts to governments and infrastructure operators to help them defend against the threat.
The US Department of Homeland Security said it was investigating the malware, though it had seen no evidence to suggest it has infected US critical infrastructure.
The two firms said they did not know who was behind the cyber attack.
Ukraine has blamed Russia, though officials in Moscow have repeatedly denied blame.
Still, the firms warned there could be more attacks using the same approach, either by the group that built the malware or copycats who modify the malicious software.
‘‘The malware is really easy to re-purpose and use against other targets. That is definitely alarming,’’ ESET malware researcher Robert Lipovsky said. ‘‘This could cause wide-scale damage to infrastructure systems that are vital.’’
The Department of Homeland Security corroborated that warning, saying it was working to better understand the threat posed by Crash Override. – Reuters