Black Christmas for Ukrainians!
December 23rd 2015 at 04:00 PM, the Ukrainian region of Ivano-Frankivsk was plunged into darkness for several hours: more than 220,000 customers lost power, and the IT and communications systems of the utility companies were severely damaged by the attackers.
In this case, the attackers combined a large number of attack tools: they spread phishing e-mails carrying a variant of the BlackEnergy 3 and KillDisk malware, exploited security holes in MS Office documents to get into the IT networks of the electricity companies, and disabled most of the security agents on the firewalls.
At the same time they managed to compromise credentials to reach a deeper level of the system, taking control of industrial communication buses such as those interconnecting Uninterruptible Power Systems (UPS) and gaining access to the Supervisory Control and Data Acquisition (SCADA) systems.
SCADA systems are basically Process Control Systems (PCS) used for monitoring, gathering, and analyzing real-time environmental data. PCSs are designed to automate electronic systems based on a predetermined set of conditions, for example in traffic control or power grid management. For those used in lower-energy and board-level power systems, this amounts to a Software Defined Power Architecture on a large scale which, given the strategic role it plays, requires an extremely high level of security. By taking control of the SCADA systems, the hackers gained access to the electricity network, with the ability to shut down and severely damage equipment.
The Ukrainian case is considered a "real-life example" of what could happen to larger networks, and the lessons learned from it are part of the ongoing Smart Grid security standardization projects run in the USA, Europe and Japan.
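The entry vector described above, Office documents delivered by phishing e-mail, is one a defender can triage at the mail gateway before a user ever opens the file. The script below is an added example, not code from the original post or from any of the utilities involved; it assumes nothing about the actual attachments used in the incident. It uses only the Python standard library to classify an attachment as an OOXML document carrying a VBA project (the `vbaProject.bin` part), a clean OOXML document, or a legacy binary OLE2 file that cannot be inspected without a dedicated parser and is therefore routed to a sandbox. The sample documents it tests against are constructed in memory.

```python
"""Triage e-mail attachments for embedded Office macros (stdlib only, added example)."""
import io
import zipfile

# Magic bytes of legacy binary Office formats (.doc/.xls/.ppt), a real OLE2 signature.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Part name that Office uses to store a VBA project inside an OOXML (zip) container.
MACRO_PART_SUFFIX = "vbaProject.bin"


def build_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style zip for testing (hypothetical fixture,
    not a real document from the incident)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Real macro-enabled files store the VBA project here.
            z.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def classify_attachment(data: bytes) -> str:
    """Return one of: 'ooxml-macro', 'ooxml-clean', 'legacy-ole', 'other'.

    Classification is done on content, not on the file extension, because an
    attacker controls the extension shown to the user.
    """
    if data.startswith(OLE2_MAGIC):
        # Binary .doc/.xls: macro streams live inside the OLE compound file and
        # need an OLE parser; we flag the whole format for sandbox inspection.
        return "legacy-ole"
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "other"
        if any(name.endswith(MACRO_PART_SUFFIX) for name in names):
            return "ooxml-macro"
        return "ooxml-clean"
    return "other"


def should_quarantine(data: bytes) -> bool:
    """Gateway policy (assumed, not the utilities' real policy): hold anything that
    carries a VBA project or that we cannot inspect statically."""
    return classify_attachment(data) in ("ooxml-macro", "legacy-ole")


if __name__ == "__main__":
    samples = {
        "invoice.docm (constructed)": build_ooxml(with_macro=True),
        "report.docx (constructed)": build_ooxml(with_macro=False),
        "sheet.xls (constructed)": OLE2_MAGIC + b"\x00" * 32,
        "notes.txt (constructed)": b"plain text",
    }
    for label, blob in samples.items():
        verdict = classify_attachment(blob)
        action = "QUARANTINE" if should_quarantine(blob) else "deliver"
        print(f"{label:28s} -> {verdict:12s} {action}")
```

The check deliberately ignores the file name: a document renamed to look harmless still carries its `vbaProject.bin` part, and a legacy OLE2 file is identified by its signature bytes rather than its extension. Files that parse as neither format fall through as `other` and can be handled by whatever policy applies to unknown attachments.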