First major blackout caused by hackers likely due to malware, says SANS


A cyberattack in late December on a power plant in Ukraine "demonstrated planning, coordination and the ability to use malware and possible direct remote access to blind system dispatchers, cause undesirable state changes to the distribution electricity infrastructure, and attempt to delay the restoration by wiping SCADA servers after they caused the outage," according to Michael Assante, SANS ICS director, writing Saturday on the SANS Industrial Control Systems Security Blog.

The intrusion into the production SCADA systems that cut off power to 700,000 customers was carried out with malware that likely prevented system operators from noticing the attack, Assante wrote, while a remote attacker opened breakers, disassembling sections of the network. In addition, a DDoS attack on the utility's customer service center led to a flurry of fake calls that prevented those affected from alerting officials.

This is believed to be the first major blackout caused by hackers.
