Ukraine Sitting On ‘Powder Keg’ Of More Cyber Attacks

The cyber attacks that took down sections of Ukraine’s power grid last December, leaving hundreds of thousands of people without power, were able to happen because of poor security practices within the country’s energy companies, according to a consultant who works for government investigators.

The consultant also warned that further attacks could take place, and that a fourth Ukrainian energy company was attacked with the malware last October.

Spoof

Oleh Sych told Reuters that companies ignored their own security rules, and hackers were able to spoof energy ministry emails.

“This is the scariest thing – we’re living on a powder keg. We don’t know where else has been compromised. We can protect everything, we can teach administrators never to open emails, but the system is already infected,” he said.

An attack on December 23 left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power for almost six hours. It was the first public case of a cyber attack affecting a country’s energy supply.

Ukraine’s security service SBU said Russia was behind the attack, and the energy ministry in Kiev said last week it has set up a commission to investigate the incident. Russia has yet to comment on the matter, but relations between the two countries have declined since Russia annexed Crimea in 2014.

SBU said other power companies had been targeted at the same time and that security services had prevented a much longer blackout in the region.

Sych, who works for a consultancy that is advising the SBU on the attacks, said that power companies had not followed their own security procedures when they connected important computers to the Internet. Instead, Sych said that these critical machines should have been left within an internal network.

Eset, a security firm based in Slovakia, said earlier this month that it believes BlackEnergy, a sophisticated trojan usually delivered via malicious email attachments, was used in both the attack on Ukraine’s power grid and in an earlier incident that targeted Ukrainian news media during local elections in November.

Sych told Reuters: “A possible objective was to bring down some branches (of the Ukrainian energy system) and create a ‘domino effect’ to collapse the entire system of Ukraine or a significant part.”

But Sych said that there is not yet any conclusive evidence that points towards Russia being behind the attacks. He told Reuters that one email was sent from the United States, whilst another originated from a German university.

Sych further believes that an insider within the energy industry may be involved.

“We understand that this couldn’t have happened without an insider. To carry out this kind of attack you need to know what kind of operating system and SCADA (supervisory control and data acquisition) are used and what software controls the industrial facility,” he said.

Sych said that to know what kind of software was installed, and to know what type of malware to test on the software, an insider must have carried out “preliminary investigations”.

Hackers then sent emails to workers at the power companies that contained infected Word or Excel files, disguised as correspondence from the ministry of energy in Ukraine.

Ben Sullivan
