UPDATED 20:49 EDT / JUNE 16 2019

SECURITY

Cyber cold war heats up as Russia, US attempt to hack each others’ power grids

The cyber cold war between the U.S. and Russia continues to heat up, with accusations flying that both countries have either hacked or are seeking to hack each others’ power grids.

On both sides, each country, either directly or through state-sponsored hackers, is allegedly attempting to insert malware into networks that, if triggered, could bring down part or all of the other country’s electricity network.

A report published Friday claimed that Xenotime, the Russian group behind the Triton malware attacks on oil and gas assets in the Middle East in 2017, is now probing U.S. power grids. The claim came from security firm Dragos, which said that since late 2018 the group began probing the networks of electric utility organizations in the U.S. and in the Asia-Pacific region.

“This behavior could indicate the activity group was preparing for a further cyberattack, or at minimum satisfying the prerequisites for a future industrial control system-focused intrusion,” Dragos said.

The probes are said to come in multiple forms, including credential-stuffing attacks and network scans, all of which are designed to find a way to gain entry into a targeted system. Once access is obtained, Xenotime could then insert malware targeting ICS networks that not only have the potential to bring the targeted network down but also to cause safety issues that have the potential to lead to injury and death.

Xenotime was previously reported to be targeting oil and gas assets in the U.S. in May.

“The latest reports that Xenotime is targeting electric utilities in the U.S. and Asia-Pacific region should come as no surprise, but certainly warrants concern,” Renaud Deraison, co-founder and chief technology officer of network security firm Tenable Inc., told SiliconANGLE. “The ongoing threats to operational technology and critical infrastructure are no longer theoretical. They have become our new reality.”

That’s thanks in part to what he said is the convergence of information technology and operational technology, the latter a reference to systems that can detect changes in the control of physical systems, that expose them to a variety of potential attacks. “While reports indicate these latest attacks didn’t result in a successful intrusion, this should be a stark wake-up call for organizations everywhere,” Deraison said.

Meanwhile, a report from the New York Times published Saturday said the U.S. “is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively.”

Quoting unnamed current and former government officials, the Times referenced “the previously unreported deployment of American computer code inside Russia’s grid and other targets.” The suggestion there is that the U.S. has already successfully placed code, whether it be malware or spying tools, into the networks of Russian utilities.

The apparent reasoning behind the hacking is tit-for-tat, that is that the U.S., having been targeted by other countries is now responding aggressively.

The claims were not taken well by President Trump, who took to Twitter to call The New York Times’ report “a virtual act of treason.” The Times, in response, said that the accusation was “dangerous,” that it had told officials about the report prior to publication and that no security issues were raised.

Photo: Pexels

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU