# The BlackEnergy Attack
Cyber-Attack on the Ukrainian Power Grid in 2015
---
# Introduction

---
# Context

---
# Attackers

---
# Target of Attack

---
# Motivation of Attack
- Destabilisation
- Influence
- Chaos
- Smoke screen
---
# Method of Attack
- Spear phishing attacks
- Malware (BlackEnergy V3)
- Denial of service attack (DDoS)
---
# Attack Phase 1
- Surveillance of network
- Spear phishing emails
- Place sleeper malware in system
- Locate user credentials and VPN
---
# Attack Phase 2
- DDoS attack on customer call center
- Activate malware
- Take over system
- Disrupt communication between system and network
- Open circuit breaker
- Overwrite critical firmware
- Damage disk drives
---
# Aftermath
- Forced manual operation for months
- Paved the way for similar, bigger attacks
- Confirmed existence of cyberwarfare
---
# Protective Measures
- Firewall
- VPN
---
# Risks/Vulnerabilities
- No two-factor authentication
- Lack of training on spear phishing attacks
- Leaked insider knowledge
---
# Mitigation Opportunities
- Two-factor authentication
- Better training
- Surveillance and monitoring
- Security reviews
---
# Preparation
- Disaster recovery exercises
- Defense strategies
- Security tests
---
# Aspects of Information Security
- Authenticity: Access to Engineer Accounts
- Integrity: Modification of Firmware
- Availability: Use of KillDisk Malware
---
# Resources
- [Who turned out the lights in the Ukraine? 2015 Black Energy attack](https://www.youtube.com/watch?v=I5SI-pUbq-g)
- [CYBER-ATTACK AGAINST UKRAINIAN POWER PLANTS](https://garylehman.net/wp-content/uploads/2016/01/Cyber-Attack-Against-Ukrainian-Power-Grid-Implications.pdf)
- [BlackEnergy](https://en.wikipedia.org/wiki/BlackEnergy)