NERC Alert issued June 13, 2017 advises on the Crash Override malware found to be behind the December 2016 attack on the Ukrainian power grid. While the NERC Alert provides many great details on the malware’s technical characteristics, the fact of the matter is Crash Override is among the most sophisticated ICS-specific malware variants ever detected, with the ability to “cause loss of visibility, loss of control, manipulation of control, interruption of communications, and deletion of local and networked critical configuration files.” Perhaps most concerning is the malware’s ability to be easily tailored to specific ICS environments, communication protocols, and devices.
This type of sophisticated malware forces us to rethink some common predisposed cybersecurity beliefs:
