The BlackEnergy Attack
Cyber-Attack on the Ukrainian Power Grid in 2015
Introduction
Context
Attackers
Target of Attack
Motivation of Attack
- Destabilisation
- Influence
- Chaos
- Smoke screen
Method of Attack
- Spear phishing attacks
- Malware (BlackEnergy V3)
- Denial of service attack (DDos)
Attack Phase 1
- Surveillance of network
- Spear phishing emails
- Place sleeper malware in system
- Locate user credentials and VPN
Attack Phase 2
- DDos attack on customer call center
- Activate malware
- Take-over system
- Disrupt communication between system and network
- Open circuit breaker
- Overwrite critical firmware
- Damage disk drives
Aftermath
- Forced manual operation for months
- Paved the way for similar, bigger attacks
- Confirmed existence of cyberwarfare
Protective Measures
- Firewall
- VPN
Risks/Vulnerabilities
- No Two-Factor-Authetification
- Lack of training with Spear phishing attacks
- Leaked insider knowledge
Mitigation Opportunities
- Two-Factor-Authetification
- Better training
- Surveilance and monitoring
- Security reviews
Preperation
- Disaster recovery exercises
- Defense strategies
- Security tests
Aspects of Information Security
- Authenticity: Access to Engineer Accounts
- Integrity: Modification of Firmware
- Availability: Use of KillDisk Malware
The BlackEnergy Attack Cyber-Attack on the Ukrainian Power Grid in 2015
{"title":"The BlackEnergy Attack - Presentation","description":"Cyber-Attack on the Ukrainian Power Grid in 2015","contributors":"[{\"id\":\"a4133efa-0293-4b74-b5c9-15368ca1d20e\",\"add\":4177,\"del\":1452}]"}