The recent power outage in the Ukraine, which left thousands without electricity, is reported to be the result of a malicious cyber attack.
Researchers claim that highly destructive malware infected 3 regional power centres leading to a number of electrical substations being disconnected. On Monday security researchers iSIGHT Partners told Ars Technica that it had obtained samples of the malicious code which caused the Ukraine power outage.
If the power outage is confirmed to be the result of malicious malware; the incident is the first of its kind and a potentially worrying sign of things to come.
Earlier this week John Hultquist, head of cyber intelligence at iSIGHT, told Ars Technica:
"It's the major scenario we've all been concerned about for so long...It's a milestone because we've definitely seen targeted destructive events against energy before—oil firms, for instance—but never the event which causes the blackout."
Industry experts are now left pondering whether this is just the start of a new wave of cyber attacks on industrial environments, specifically engineered to cause physical damage and wide-scale disruption to utilities. Security firm ESET claim that they have encountered a number of similar attacks recently in other areas of the country, stating:
"We have discovered that the reported case was not an isolated incident and that other energy companies in Ukraine were targeted by cyber criminals at the same time. Furthermore, we found out that the attackers have been using a malware family on which we have had our eye for quite some time now: BlackEnergy."
BlackEnergy was first discovered in 2007 and has since been updated with a host of new capabilities, including the ability to delete system files, rendering infected computers unbootable. The recent attack on the Ukraine is believed to have been the result of a phishing email from a faked government mail account.
The prospect of such cyber attacks have been of great concern to UK politicians for some time. At the end of last year UK Chancellor George Osborne announced that £2bn in funding has been pledged to help protect the UK from cyber attacks of this nature. When the announcement was made in November, Osborne said:
"If the lights go out, the banks stop working, the hospitals stop functioning or government itself can no longer operate, the impact on society could be catastrophic."