AST Magazine February 2018
Volume 20
February 2018 Edition
Those in the West may believe that the Ukraine was simply a victim
of bad luck; however, the 2014 Dragonfly cyber attack targeted
multiple global industrial control system locations at over 2,000
sites.
The motivation behind the attack was electrical power and
petrochemical facility espionage.
Cyber criminals injected a virus into the utility network to map and
learn the operations.
The malware infected critical infrastructure in the United States,
Spain, France, Italy, Germany, Turkey, and Poland.
Dragonfly also mapped out utility computer networks, ostensibly
for future breaches.
The 2015 hack was the first global cyber attack targeted
at denying electrical service to a location.
The attack completely wiped data on computers running Microsoft
Windows OS.
The result: 225,000 customers were without power for six hours
after the substations had been remotely disconnected from the
grid.
This particular ransomware attack locked up computers that
maintained Ukrainian critical infrastructure.
Through their malware, the actors not only demanded that computer
users pay a ransom, but even forced Chernobyl power plant operators
to switch radiation-sensing systems over to manual operation.
Ready for Prime Time
Power grid attacks emphasize an important characteristic of the
terrorists: they know their way around power plants.
The most dramatic evidence of cyber criminal sophistication is
revealed by the 2016 Ukrainian attack, which crippled electricity
distribution for the nation’s capital.
Cyber security firms dubbed the malware “Industroyer”.
The media, though, picked up on the moniker “CrashOverride”,
which refers to the malware “Crash” framework upon which the
attack was based.
(The automatic radiation monitoring system at the Chernobyl nuclear power plant
was the target of a cyberattack, causing monitoring to be carried out manually,
according to a Ukrainian federal agency.)