Security & Fraud

ESET Finds Malware That Could Target Power Supplies

ESET researchers have been analyzing samples of dangerous malware that could be used in a cyberattack on power supply infrastructure.

In a press release, the company said the malware was probably involved in the December 2016 cyberattack on Ukraine’s power grid that prevented part of its capital, Kiev, from getting power for more than an hour.

“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” warns ESET Senior Malware Researcher Anton Cherepanov in the release.

ESET researchers discovered Industroyer malware capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems and other critical infrastructure. ESET said the potential effect may range from turning off power distribution, triggering a cascade of failures, to more serious damage to equipment and industrial control systems.

“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” said Cherepanov in the press release.

This report on cybersecurity comes as Ukraine is becoming more of a hotbed for cyber criminals. In February, U.S. prosecutors sentenced a Ukrainian man, who was charged with running two hacking forums online, to 41 months in prison. According to a report by Reuters, Sergey Vovnenko, who went by the aliases “Flycracker” and “Darklife,” was sentenced for taking over more than 13,000 computers to get his hands on logins and credit card information.

U.S. District Judge Esther Salas in New Jersey sentenced Vovnenko after he pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud, Reuters reported. Vovnenko was also told to pay restitution of $83,368. Vovnenko’s attorney, Timothy Anderson, told Reuters he was happy the sentence wasn’t longer and that his client could get out in a few months if he gets credit for the 32 months he has spent in custody. “He has committed himself to not be involved in criminal activities anymore,” Anderson said in the Reuters report.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.

Click to comment