Step aside, Stuxnet - Industroyer is here

Remember Stuxnet, the worm that wreaked havoc across Iran's nuclear facilities? Security researchers from ESET say that they have discovered an even bigger threat, which they have named Industroyer.

According to the company's report, Industroyer is built to “disrupt critical industrial processes”, and was recently used in an attack in Ukraine, causing the city of Kiev to lose power for an hour.

According to ESET, Industroyer speaks “industrial communication protocols used worldwide in power supply infrastructure, transportation control systems and other critical infrastructure systems, such as water and gas”. So in theory, Industroyer can be used for much more than cutting the power supply of a European capital.

ESET says the biggest problem lies in the fact that the protocols used by industrial systems are outdated. They were designed for isolated networks that were never expected to be reachable from outside, and now that those systems are connected, they are vulnerable.

“That means that the attackers didn’t need to be looking for protocol vulnerabilities; all they needed was to teach the malware ‘to speak’ those protocols,” the report says.

Industroyer is modular malware whose core component is a backdoor. That backdoor installs and controls the other components and connects to a remote server to receive commands. The framework is highly customisable and not tied to one vendor, which allows attackers to adapt it to the industrial control system they are targeting.

The report, however, does not state who is behind the malware.

The security industry has been quick to respond to the threat, with many experts highlighting the potential risks that major infrastructure projects face in this day and age.

"The success of an attack using this malware depends on whether a device supports these standards or not," noted Ladislav Zezula, malware researcher at Avast.

"If it doesn't, the malware would have to be tailored and specifically tested to work with the particular power systems from the particular manufacturer."

"The mainstream trend of cybercrime is to get money, one way or another, whether it be through ransomware, banking Trojans, spam, unwanted ads, or identity theft. This kind of malware does not help the cybercriminals behind it earn any money - its aim is to damage the targeted facility. Furthermore, developing malware like this requires access to the industrial systems that it is supposed to work with, which malware authors typically do not have access to."

Image Credit: ESET