Security researchers at ESET and Dragos Inc. have discovered what appears to be the most dangerous form of infrastructure attack malware to date. The companies are calling this malware by two names: Industroyer and CrashOverRide. I will refer to it from here on out as the latter, since Industroyer messes with my OCD.
CrashOverRide represents a very scalable platform with modules and capabilities that allow it to focus on infrastructure that uses four standard industrial control system (ICS) protocols. These protocols are commonly used in power generation infrastructure outside of the United States; however, researchers state that CrashOverRide is so versatile that tailoring it for US-based power systems would take only moderate effort. Tailoring CrashOverRide to affect water, gas and transportation systems is also estimated to be relatively trivial. Keep in mind that CrashOverRide is not exploiting any vulnerabilities in these protocols. It is leveraging legitimate protocols to take advantage of systems that were never meant to be internet facing in the first place.
The platform works by abusing a targeted ICS system’s legitimate control suite functionality to achieve results. In other words: CrashOverRide issues valid commands directly to remote terminal units over legitimate ICS protocols, denies service to COM ports on the infected device, maps the ICS environment, and wipes Windows installations to increase infrastructure downtime. Once a targeted system is infected, CrashOverRide can set switches and breakers to off, on, or cycle in a permanent toggle loop. Any of this activity would knock a power station offline and require manual initialization and repairs to become operational again.
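Because the commands themselves are valid, protocol-level signatures are of little help; what stands out is who issues control commands and how often a point is flipped. As an added example (not code from the article or from the ESET/Dragos reports), the detector below scans constructed control-command log lines for two of the behaviours described above: commands from a host that is not one of the known control hosts, and rapid open/close toggling of a single breaker point. The log format, host addresses, RTU and point names, and the allow-list are all assumptions made for the example.

```python
"""Toy detector for unexpected ICS control commands and breaker toggle loops.

Added example, not from the article or the ESET/Dragos reports. The record
format "ts rtu=... point=... cmd=... src=..." and all names are hypothetical.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from itertools import islice

# Constructed sample log: one authorized CLOSE, then five rapid commands from
# an unknown host that flip BRK-12 back and forth, then a normal OPEN elsewhere.
SAMPLE_LOG = """\
2016-12-17T22:00:01Z rtu=RTU-07 point=BRK-12 cmd=CLOSE src=10.0.1.10
2016-12-17T22:00:05Z rtu=RTU-07 point=BRK-12 cmd=OPEN src=10.0.5.21
2016-12-17T22:00:07Z rtu=RTU-07 point=BRK-12 cmd=CLOSE src=10.0.5.21
2016-12-17T22:00:09Z rtu=RTU-07 point=BRK-12 cmd=OPEN src=10.0.5.21
2016-12-17T22:00:11Z rtu=RTU-07 point=BRK-12 cmd=CLOSE src=10.0.5.21
2016-12-17T22:00:13Z rtu=RTU-07 point=BRK-12 cmd=OPEN src=10.0.5.21
2016-12-17T22:10:00Z rtu=RTU-03 point=BRK-04 cmd=OPEN src=10.0.1.10
"""

# Assumed allow-list: the only hosts that should ever issue control commands.
AUTHORIZED_CONTROL_HOSTS = {"10.0.1.10", "10.0.1.11"}


def parse_line(line):
    """Parse one 'ts key=value ...' record into a dict; 'ts' becomes a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect(log_text, toggle_threshold=4, window=timedelta(seconds=30)):
    """Return a list of (alert_kind, src, (rtu, point), ts) tuples.

    unauthorized_source: a control command from a host outside the allow-list
                         (reported once per host and point).
    toggle_loop:         at least `toggle_threshold` state flips of one point
                         inside `window` (reported once per point).
    """
    alerts = []
    history = defaultdict(deque)   # (rtu, point) -> recent (ts, cmd) pairs
    seen_sources = set()           # (src, (rtu, point)) already reported
    toggled_points = set()         # points already reported as looping

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        key = (rec["rtu"], rec["point"])

        if rec["src"] not in AUTHORIZED_CONTROL_HOSTS and (rec["src"], key) not in seen_sources:
            seen_sources.add((rec["src"], key))
            alerts.append(("unauthorized_source", rec["src"], key, rec["ts"]))

        # Keep only commands for this point that fall inside the sliding window.
        recent = history[key]
        recent.append((rec["ts"], rec["cmd"]))
        while recent and rec["ts"] - recent[0][0] > window:
            recent.popleft()

        # A "flip" is any consecutive pair of commands with differing states.
        flips = sum(1 for (_, a), (_, b) in zip(recent, islice(recent, 1, None)) if a != b)
        if flips >= toggle_threshold and key not in toggled_points:
            toggled_points.add(key)
            alerts.append(("toggle_loop", rec["src"], key, rec["ts"]))

    return alerts


if __name__ == "__main__":
    for kind, src, (rtu, point), ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:<20} src={src} {rtu}/{point}")
```

The two checks are deliberately independent: an unauthorized source is worth an alert even if it never toggles anything, and a toggle loop is worth an alert even when it originates from a legitimate HMI address, since the write-up's point is that the commands ride on normal, trusted channels. In practice the allow-list would come from an asset inventory and the thresholds would be tuned to how often operators legitimately exercise a given breaker.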
Currently, these attacks appear to be targeted solely at Ukrainian infrastructure with the most recent occurring in Kiev.
You can find ESET’s write-up here and the Dragos Inc. write-up here.
Story written by Crixus.
Source: [H]ardOCP – Researchers Discover Most Dangerous Infrastructure Malware To Date