Ever since the discovery of the dreaded Stuxnet worm in the wild, security experts have been concerned that a devastating cyberattack could be launched against critical infrastructure, causing signal lights to go haywire, emergency service phone lines to go down, power grids to go offline and more.
In recent months, we’ve seen what could be construed as “test runs” that foreshadow a much larger, targeted attack, and now, there has been another.
This new attack was made using a custom-built application that experts are calling “Industroyer.”
All indications are that this new strain of malware was created by a skilled developer, and possibly a whole team of them. It’s also likely that it was funded by at least one nation-state actor with an eye toward launching a full-scale cyber war that could easily cripple any industrialized nation.
The latest attack was launched against power stations in the Ukraine, and succeeded in causing widespread blackouts.
The Ukraine has suffered similar attacks over the last two years, presumably launched by Russia.
No one has claimed responsibility for the latest attack. It would be premature to automatically attribute it to Russia, but given that nation’s history with the Ukraine, there’s significant circumstantial evidence that points in that direction.
Unfortunately, attacks like this are virtually impossible to prevent. Globally, the control boards that keep power grids worldwide running have no protection at all, and once hacked, the malware’s owner gains full control over them. They could shut them down, cause them to malfunction in ways that could lead to massive explosions and cause untold chaos and trillions of dollars in damage, depending on the severity and scale of the attack.
Worst of all, there’s no defense against such an attack, and the fear is that the successful attack against Ukraine may be just the tip of the iceberg.
It would take years and hundreds of billions of dollars to upgrade the world’s power grid to protect against a catastrophic failure, and any such move would no doubt create new security loopholes.
Welcome to the future.