San Francisco Hackers have succeeded in infiltrating large areas of American energy supply companies and industrial plants with particularly sophisticated malware. It’s the first time hackers have penetrated so deeply into critical infrastructure in the United States — an incident that IT security experts have long feared.
In a joint statement on Wednesday, the FBI federal police, the Department of Energy, the federal agency responsible for cyber security Cisa and the NSA intelligence service warned operators of industrial control systems of the danger. They asked them to take a number of measures on the software of the control systems and to introduce multi-factor authentication for external users.
Although the malware has not yet been activated, it has not yet caused any damage. But that doesn’t mean it can be easily mitigated. On the contrary: The malware is extremely sophisticated. “It will take years for us to fix this,” Sergio Caltagirone of IT security firm Dragos told the Washington Post; Dragos is one of the private sector security firms that analyzed the malware together with government agencies.
Unlike other viruses, the malware does not exploit unknown vulnerabilities in operating systems (zero-day vulnerabilities), which – once discovered – can be fixed relatively easily with an update.
Top jobs of the day
Find the best jobs now and
be notified by email.
Rather, the program manipulates those control systems on several levels that are used in almost all modern industrial plants – even in areas that are considered critical infrastructure. Around 85 percent of this is privately owned in the USA.
Accordingly, the government in Washington is dependent on the cooperation of the private sector in combating the malware that has now been discovered. How exactly the investigators became aware of this is currently not known.
After the cyber attack was discovered, the US Department of Energy and the FBI, among others, published a cyber security recommendation.
(Photo: AP)
However, it is clear that the software could cause enormous damage to the country’s energy supply and in numerous industrial companies. According to security firm Dragos, the attack code specifically targets devices used in liquefied natural gas (LNG) plants; such play a key role in the energy supply in the USA.
Europe is also increasingly interested in LNG from the United States as an alternative energy source to oil and gas imports from Russia. In the course of the Ukraine war, it is an attempt to become more independent from Moscow.
Russia is said to be behind the attack
This focus on LNG plants is one of the reasons why experts have attributed the recent malware to Russia. “Given the current geopolitical situation, we take this attack very seriously,” said John Hultquist, cybersecurity expert at Mandiant (formerly Fireeye).
The malware is also similar to previous programs attributed to Russia, Mandiant said. The attack poses a threat not only to the United States, but also to other NATO countries and Ukraine.
More on cyber attacks:
Since the outbreak of the Ukraine war, alertness has also been high in the US amid fears that Russia – one of the most adept at cyberwarfare – will attack it with malware. The IT security expert Matt Olney from Cisco Talos recently said in an interview with the NZZ that Russia has probably sent its best hackers to the West.
US President Joe Biden also recently warned, based on intelligence reports, that Russian cyber attacks against the US were imminent. “The more Putin (in Ukraine) has his back against the wall,” Biden said, the more likely attacks in cyberspace would become. Biden’s top adviser on the matter, Anne Neuberger, also confirmed that Russia was eyeing America’s critical infrastructure.
Successor to “Stuxnet” and “Triton”
However, in their most recent warning on Wednesday, the American authorities did not mention Russia, only speaking of “unknown foreign state actors”. According to experts, the sophistication of the malware in particular clearly indicates that a group of state elite hackers is behind the attack.
Hacker attacks on industrial plants are usually politically motivated and very rare. The best-known malware of this type to date was the Stuxnet virus, discovered in 2010. The USA and Israel used it to sabotage the centrifuges in the Iranian nuclear program. Another well-known example is the Triton malware, which is attributed to Russian hackers. It was used to attack a Saudi petrochemical plant in 2017, causing millions of dollars in damage.
In these cases, however, the malware only became known after it was executed – unlike in the present case. To his knowledge, said CEO of IT security firm Dragos Robert Lee, this is the first time such malware has been detected before it manipulated industrial facilities. “We’re one step ahead of our opponents this time.
More: Joe Biden speaks of genocide in the Ukraine war – is he changing his strategy?