New data from systems integration company Boulting Technology has highlighted history’s top five industrial computer viruses – and the power industry is among the victims.
The infographic shown here is designed to educate industries that rely on computer control systems on how the lack of preventative measures against viruses and hackers can lead to costly downtime due to lost or stolen data.
“Cybersecurity has becoe top of the agenda for many businesses over recent weeks, following the Wanna Decryptor (WannaCry) ransomware attack in May, which crippled the NHS and many other organisations across the globe,” said Nick Boughton, sales manager at Boulting Technology.
The top 5 are:
Stuxnet: Discovered in 2010, the Stuxnet virus remains one of the largest industrial cyber attacks in history. The Stuxnet worm targeted the programmable logic controller (PLC) systems in Iran’s nuclear programme, causing centrifuges to spin out of control without triggering alarms. Before it was caught, the attack was able to destroy up to one fifth of the country’s nuclear centrifuges and set its nuclear programme back a decade.
Flame: In May 2012, Russia’s Kaspersky Lab – one of the world’s biggest producers of anti-virus software discovered another highly sophisticated virus. Unlike Stuxnet, this virus, Flame – which ran undetected for years – was designed to steal PDF files and AutoCAD drawings. The originator of the attack was looking for designs, plans and preciously guarded IP data locked inside some of the country’s biggest industrial facilities
Water tower decoy virus: In December 2012, a malicious virus concealed in an MS Word document sent from Chinese hacking group APT1, successfully took over a water tower control system in the US. Luckily for anyone nearby, the tower was actually a decoy set up to attract such industrial attacks. While nothing was damaged in this incident, it did demonstrate the frightening reality of these attacks.
US Steel: In 2010, US Steel was collaborating with Chinese steel companies, including one particular state-owned enterprise. During the collaboration, an employee at this particular Chinese steel company sent spearphishing emails to US Steel employees, which allowed the hacker to steal hostnames and descriptions of US Steel computers, including those that controlled physical access to company facilities and mobile device access to company networks
Blackout Worm: This was one of the biggest electrical blackouts in history that left eight US states in the dark for days. The culprit was identified as a malicious worm designed to attack Windows and Unix systems of private users, not critical infrastructure. However, when the system monitoring the grid was infected, the hackers got more than they expected with blackouts occurring throughout parts of the northeastern and midwestern US.
Boughton added: “While it is difficult to predict the likelihood of a virus targeting a computer, companies should take preventative measures, like installing antivirus software, to ensure they are not at risk of losing data.
“Legacy systems can present numerous problems as they do not contain as many safeguards as newer systems. Our infographic highlights the importance of protecting against hacking and viruses. Computer security researchers are constantly developing ways to enable antivirus solutions to more effectively detect, prevent and destroy new viruses, however it is up to businesses themselves to ensure they are protected.”
For more information on Boulting Technology services and products, visit www.boultingtechnology.co.uk
Related feature: Understanding risk – cybersecurity for the modern grid