The Cyberattack on Ukraine Assignment

Reference no: EM132757514


After Russia annexed Crimea from Ukraine in 2014, authorities started nationalizing Ukrainian-owned energy companies in Crimea. In late 2015, Ukrainian supporters physically attacked electrical power distribution centers, plunging two million Crimeans into the dark.

Each of Ukraine's 24 regions is served by a different electric company. On December 23, 2015, the Ukrainian power grid experienced a cyberattack. The activists simultaneously attacked three power distribution substations, cutting power to some 230,000 Ukrainians.

The multistage, targeted cyberattack actually started in the spring of 2015. Let's take a look at how the cyberattack unfolded.

The Spear-Phishing Attack. In the first stage, the attackers launched a spear-phishing attack on IT staff and system administrators at three of the power distribution companies in Ukraine. The attack sent e-mails to employees that contained a malicious Word file. If an employee clicked on the document, a popup window told them to enable macros for that file. If they did so, a malicious software program named BlackEnergy3 infected their computers and allowed the hackers entry into their system.

Reconnaissance. The spear-phishing attack allowed the intruders to access the power distribution companies' corporate networks. However, the intruders still had to gain access to the supervisory control and data acquisition (SCADA) networks that actually operated the power grid, and the power companies had competently separated those networks from the corporate networks with a firewall. Therefore, the attackers had to search the corporate networks and gain entry to the Windows Domain Controllers. From there, the hackers gathered employee login credentials from the user accounts. Employees used some of these login credentials to access virtual private networks (VPNs) and remotely log in to the SCADA network. The attackers now had access to the SCADA networks.

Disabling the uninterruptible power supply. The attackers then reconfigured the uninterruptible power supply for the three systems' control centers. They wanted to cut power to the operators as well as the customers.

Disabling the converters. The attackers then wrote malicious software to replace the legitimate software on converters at power company substation control systems. (These converters handle data from the SCADA network to the substations.) Disabling the converters stopped employees from transmitting remote commands to reestablish power after it was cut. The converters could not work and could not be recovered. This situation meant that the power companies could not recover until they obtained new converters and incorporated them into the power system. (Note: Power companies in the United States use the same type of converters as those used in Ukraine.)

Denial-of-service attack. The attackers now targeted customer call centers, initiating a telephone denial-of-service attack. That meant that customers could not call in to report the blackout when it occurred. The attack jammed up the distribution centers' call centers with thousands of false calls, blocking actual customers from getting through. This denial-of-service attack allowed the attackers more time to work on their attack because not only were substation employees seeing false information on their hijacked computers, but they were receiving no phone calls reporting power outages.

Causing the blackout. On December 23, the attackers used the commandeered VPNs to access the SCADA networks and deactivate the uninterruptible power supply that they had already reconfigured. Then they removed substations from the power grid.

Deploying KillDisk. Lastly, the attackers deployed software called KillDisk to complete their path of destruction. KillDisk deletes or overwrites essential system files on operators' computers to disable them as well. Because KillDisk also wipes the master boot record, operators could not reboot the crashed computers.

About half the homes in Ukraine's Ivano-Frankivsk region lost power. The cybercriminals also simultaneously attacked a large mining company and a major railway. The incidents seem to have been politically motivated, meant to disable Ukrainian critical infrastructure in a strike, according to security analysts at Trend Micro (www.trendmicro.com).

Homes and businesses in the impacted areas lost power for only one to six hours. However, more than two months later, the control centers were still not completely back online. Electricity was still being delivered, but employees had to manually operate the power substations.

The attack caused only digital damage; if the substations had been physically damaged, it would have taken much longer to restore power. In 2007, the U.S. government showed how criminals could remotely destroy a power generator through a SCADA attack with just 21 lines of malicious code.

Infrastructure personnel can learn many lessons from the attack. Ukraine's power generation control systems were unexpectedly more robust than some in the United States. The reason is that the Ukrainian SCADA networks were separated from the business networks with excellent firewalls. However, the Ukrainian control systems still had security weaknesses. For example, employees remotely accessing the SCADA network were not prompted to use two-factor authentication, which enabled the hackers to steal login information and gain entry to the SCADA systems.

Another lesson is that in the United States many power systems lack manual backups. That is, if criminals were to attack automated SCADA systems in the United States, it would be much more difficult to bring the grid back online.

This first-ever successful attack on a power grid's computers is a dire safety warning for other such systems across the world. Experts in industrial control systems at the SANS Institute (www.sans.org) say the hack of the Ukrainian power grid was the first time that cybercriminals have managed to directly bring down a power grid.

In December 2016, Ukraine was attacked again. Reports alleged that a group of Russians attacked computers at a control center of a power supplier in Kiev. The attackers apparently used phishing attacks on workers, enabling the intruders to grab login information and disable substations. The shutdown affected some 20 percent of Kiev's nighttime electrical use.

Sources: Compiled from J. Condliffe, "Ukraine's Power Grid Gets Hacked Again, a Worrying Sign for Infrastructure Attacks," MIT Technology Review, December 22, 2016; E. Markowitz, "After Ukraine Cyberattacks, FBI and DHS Urge U.S. Power Companies to Develop Better Safety Protocols," International Business Times, April 21, 2016; "FBI, DHS Issue Warning about Increasing Cyber Threat to Nation's Power Grid after Downplaying It in January," Cyberwar.news, April 12, 2016; B. Gertz, "FBI Warns of Cyber Threat to Electric Grid," The Washington Free Beacon, April 8, 2016; K. Zetter, "Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid," Wired, March 3, 2016; D. Voltz, "U.S. Government Concludes Cyber Attack Caused Ukraine Power Outage," Reuters, February 25, 2016; W. Ashford, "Ukraine Cyber Attacks Beyond Power Companies, Says Trend Micro," Computer Weekly, February 12, 2016; J. Robertson and M. Riley, "How Hackers Took Down a Power Grid," Bloomberg BusinessWeek, January 14, 2016; M. Heller, "Russian Actors Accused of Attacking Ukraine with BlackEnergy Malware," TechTarget, January 4, 2016; D. Goodin, "First Known Hacker-Caused Power Outage Signals Troubling Escalation," Ars Technica, January 4, 2016; J. Cox, "Malware Found Inside Downed Ukrainian Grid Management Points to Cyberattack," Motherboard, January 4, 2016.

Questions

Describe what the Ukrainian power distribution companies did correctly to try to prevent such attacks.

Describe what other actions the Ukrainian power distribution companies took incorrectly, or did not take at all, to try to prevent such attacks.

What lessons can other power companies gain from the Ukrainian cyberattack?

Explain the following 10 types of deliberate attacks (for each item, please do not write more than 5 lines).

Information extortion

Sabotage and vandalism

Identity theft

Phishing attack

Distributed denial-of-service (DDoS) attack

Back door

Supervisory control and data acquisition (SCADA) attacks

Cyberterrorism and cyberwarfare


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd