malware Ukraine says to review cyber defences after airport targeted from Russia

[Reefa]

Ukrainian authorities will review the defences of government computer systems, including at airports and railway stations, after a cyber attack on Kiev's main airport was launched from a server in Russia, officials told Reuters on Monday.

 

Malware similar to that which attacked three Ukrainian power firms in late December was detected last week in a computer in the IT network of Kiev's main airport, Boryspil. The network includes the airport's air traffic control.

 

Although there is no suggestion at this stage that Russia's government was involved, the cyber attacks have come at a time of badly strained relations between Ukraine and Russia over a nearly two-year-long separatist conflict in eastern Ukraine.

 

"In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry," said Irina Kustovska, a spokeswoman for Ukraine's infrastructure ministry, which oversees airports, railways and ports.

 

Ukraine's state-run Computer Emergency Response Team (CERT-UA) issued a warning on Monday of the threat of more attacks.

 

"The control centre of the server, where the attacks originate, is in Russia," military spokesman Andriy Lysenko said by telephone, adding that the malware had been detected early in the airport's system and no damage had been done.

 

A spokeswoman for the airport said Ukrainian authorities were investigating whether the malware was connected to a malicious software platform known as "BlackEnergy", which has been linked to other recent cyber attacks on Ukraine.

 

There are some signs that the attacks are linked, she said.

 

"Attention to all system administrators ... We recommend a check of log-files and information traffic," CERT-UA said in a statement.

 

In December three Ukrainian regional power firms experienced short-term blackouts as a result of malicious software in their networks. Experts have described the incident as the first known power outage caused by a cyber attack.[ID:nL2N14W1MD]

 

A U.S. cyber intelligence firm in January traced the attack back to a Moscow-backed group known as Sandworm.

 

The Dec. 23 outage at Western Ukraine's Prykarpattyaoblenergo cut power to 80,000 customers for about six hours, according to a report from a U.S. energy industry security group. [ID:nL1N14Q1SE]

 

Ukraine's SBU state security service has blamed Russia, but the energy ministry said it would hold off on attribution until after it completes a formal probe.

http://uk.reuters.com/article/uk-ukraine-cybersecurity-malware-idUKKCN0UW0S7

 

[jayesh30202]

First on CNN: U.S. investigators find proof of cyberattack on Ukraine power grid

 

 

Washington (CNN)U.S. investigators have found evidence to confirm what is believed to be the first-of-its-kind cyberattack on a power grid that caused a blackout for hundreds of thousands of people in Ukraine in December.

 

A U.S. official close to the investigation said the power outage was caused by a sophisticated attack using destructive malware that wrecked computers and wiped out sensitive control systems for parts of the Ukrainian power grid.

 

For years, U.S. officials have expressed worry about the vulnerability of the U.S. power grid. And the U.S. investigation of the Ukrainian attack has confirmed what until now has been largely theoretical: that cyberwarfare can be used to disable the U.S. power grid. U.S. systems aren't any more protected than those breached in Ukraine, the U.S. official said.

 

Ukrainian authorities have blamed Russia for the outage, saying it was part of the Russian government's pattern of undeclared war against its neighbor. Almost immediately, investigators found indications of a malware called BlackEnergy.

 

The U.S. sent experts from the Energy and Homeland Security departments, as well as the FBI, to assist the Ukrainians in their investigation.

 

What the U.S. investigators found was an unprecedented cyberwarfare attack, the U.S. official told CNN.

 

A sophisticated team of hackers coordinated attacks at the same time against six power providers, the U.S. official said.

The attack was so severe that it knocked out internal systems intended to help the power companies restore power. Computers were destroyed, and even the call centers used to report outages were knocked out.

 

The question of who carried out the attack is still unanswered.

The BlackEnergy malware has origins in Russia, but the U.S. isn't ready to attribute the attack to the Russian government.

 

But the attack raises important and alarming questions for the U.S. The same malware has been found in U.S. industrial systems.

In a statement, Homeland Security spokesman S.Y. Lee said the incident in Ukraine "remains the subject of an ongoing investigation."

 

He added that the department, along with the Energy Department, "work with the electric sub-sector to help them understand risks associated with malicious cyber activity, physical attacks, and/or other hazards. We do this by efficient information sharing, assessments of critical assets, and joint planning and exercises."

 

 

Story highlights:-

A U.S. official close to the investigation said the power outage was caused by a sophisticated attack using destructive malware.

 

U.S. systems aren't any more protected than those breached in Ukraine, the U.S. official said

 

Source

[Sylence]

unprecedented cyberwarfare attack? U.S officials lost their memories?