IT security firm finds new malware variant through Ukraine study


KHOU, one of the top-rated CBS affiliates in Texas, reported that IT security company ESET wrote in a paper posted Monday that “The malicious code is capable of directly controlling electricity substation switches and circuit breakers and could potentially be used to turn off power distribution or to physically damage equipment used in the electricity distribution grid.”

Sue Kelly, president and CEO of the American Public Power Association told KHOU that US power providers are “properly alarmed,” especially at the sophistication of the programme.

“We are going up a level in the video game here,” she said.

KHOU noted that the American Public Power Association and the power companies it serves “are working with national and international organizations and the US government to analyze the malware and the threat it might pose.”


In another comment, Mark Weatherford, chief cybersecurity strategist at the security firm vArmour, told KHOU that automated malware that attacks the electric grid is “a big deal”. Weatherford was formerly chief security officer at the North American Electric Reliability Corporation (NERC), the body that develops and enforces reliability standards for the North American bulk power system.

He added that “the danger of the malware is that it can automatically trip the breakers within a power system that keep the electrical lines from being overloaded. If one breaker is tripped, the load is shipped to another portion of the power grid. If enough are tripped, in the right places, it’s possible to create a cascading effect that will eventually overload the entire system,” reported KHOU.

“In some cases, it could then take days to restart all the plants,” he said.

In its online article KHOU said, “There’s no evidence the malware has been deployed in the United States, but the highly sophisticated way it was written means it would be very simple to use here, say experts.”

The creators of the malware are not yet known, says KHOU.

It adds: “During [its] research, ESET came across the Industroyer [or Crash Override] malware. The malware discovered by ESET is capable of performing the same type of attack used in 2016.”

Galina Antova, co-founder of Claroty, a company that provides industrial control security, was reported as saying: “It’s starting to feel like the Ukraine attacks in 2015 and 2016 were a playground for someone running a proof of concept.”