
First major blackout caused by hackers likely due to malware, says SANS

January 12, 2016

A cyberattack in late December on a power plant in Ukraine "demonstrated planning, coordination and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage," according to Michael Assante, SANS ICS director, writing Saturday on the SANS Industrial Control Systems Security Blog.

The intrusion into the production SCADA systems, which cut off power to 700,000 customers, was carried out with malware that likely kept system operators from noticing the attack, Assante wrote, while a remote attacker opened breakers and disconnected sections of the distribution network. In addition, a DDoS attack on the utility's customer service center produced a flood of fake calls that prevented affected customers from alerting officials to the outage.

This is believed to be the first major blackout caused by hackers.
