Security experts and market commentators alike are voicing their concerns after examination of a power outage in Ukraine’s capital, Kiev, in December 2016 identified a malware framework known as CRASHOVERRIDE or INDUSTROYER. The malware targeted Kiev’s electrical infrastructure via its Industrial Control Systems (ICS) in an unprecedented and sophisticated cyber-attack. The event has serious implications globally and could prove to be a hacker’s paradise for more than power grids in the near future.
Download our special report for practical steps organizations can take to better protect themselves from future malware attacks like CRASHOVERRIDE/INDUSTROYER.
DOWNLOAD REPORT [PDF]
WHAT DOES IT MEAN?
Alongside the use of digital technologies for enhanced automation greatly increasing hackers’ potential attack surface, aging critical infrastructure support has not always been architected with cybersecurity top of mind. CRASHOVERRIDE/INDUSTROYER targeted circuit breakers and switches hijacking electrical systems from a distance by taking advantage of standard device-level communication protocols, making it almost completely undetectable in the power infrastructure.
CRASHOVERRIDE/INDUSTROYER could be a blueprint for a more widespread and longer-lasting attack. The potential to disrupt energy, water supplies and other critical industries using ICS for automation, in an economic context, could be highly damaging to a company, municipality or nation for a long period of time.
WHY THE NAME?
The malware identifies itself as "crash," hence the choice of the term CRASHOVERRIDE/INDUSTROYER. Whoever developed the malware may have been paying homage to, or making fun of, a previously known hacker who used the name "Cr4sh".
WHAT CAN YOU DO?
Download the report and take practical steps today to protect your organization from future malware attacks like CRASHOVERRIDE/INDUSTROYER.
Assess and isolate
Monitor and detect
Plan and prepare