14/06/2017

Industroyer aka Crashoverride – A big new threat for ICS

Industroyer is the first malware designed and developed to attack electric power grids. This sophisticated piece of malware, found by security analysts at ESET, works in a very disruptive manner and was responsible for the latest power outage in Ukraine. Because of its modular structure, the malware can easily be extended to other industrial sectors. Unlike Stuxnet, Industroyer is not tied to any particular vendor. It supports four widely distributed energy automation protocols, as well as features such as DoS attacks against Siemens SIPROTEC devices, a port scanner module, and the ability to wipe hosts in the final stage of the attack to make recovery as hard as possible.

A defense-in-depth strategy, as well as measures like application whitelisting, can help to prevent these kinds of attacks.

 

Sources and a more detailed analysis by ESET and Dragos:

https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf

https://www.dragos.com/blog/crashoverride/CrashOverride-01.pdf
