Security & Fraud

ESET Finds Malware That Could Target Power Supplies

ESET researchers have been analyzing samples of dangerous malware that could be used in a cyberattack on power supply infrastructure.

In a press release, the company said the malware was probably involved in the December 2016 cyberattack on Ukraine’s power grid that prevented part of its capital, Kiev, from getting power for more than an hour.

“The recent attack on the Ukrainian power grid should serve as a wake-up call for all those responsible for the security of critical systems around the world,” warns ESET Senior Malware Researcher Anton Cherepanov in the release.

ESET researchers discovered Industroyer malware capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols used worldwide in power supply infrastructure, transportation control systems and other critical infrastructure. ESET said the potential effect may range from turning off power distribution, triggering a cascade of failures, to more serious damage to equipment and industrial control systems.

“Industroyer’s ability to persist in the system and to directly interfere with the operation of industrial hardware makes it the most dangerous malware threat to industrial control systems since the infamous Stuxnet, which successfully attacked Iran’s nuclear program and was discovered in 2010,” said Cherepanov in the press release.

This report on cybersecurity comes as Ukraine is becoming more of a hotbed for cyber criminals. In February, U.S. prosecutors sentenced a Ukrainian man, who was charged with running two hacking forums online, to 41 months in prison. According to a report by Reuters, Sergey Vovnenko, who went by the aliases “Flycracker” and “Darklife,” was sentenced for taking over more than 13,000 computers to get his hands on logins and credit card information.

U.S. District Judge Esther Salas in New Jersey sentenced Vovnenko after he pleaded guilty last year to aggravated identity theft and conspiracy to commit wire fraud, Reuters reported. Vovnenko was also told to pay restitution of $83,368. Vovnenko’s attorney, Timothy Anderson, told Reuters he was happy the sentence wasn’t longer and that his client could get out in a few months if he gets credit for the 32 months he has spent in custody. “He has committed himself to not be involved in criminal activities anymore,” Anderson said in the Reuters report.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment