Two weeks ago, an attack sent darkness over the western part of Ukraine.
The attack was caused by hackers who found a way to get malware into three operation centers causing transmission lines to overload and fail leaving 80,000 customers of Prykarpattyaoblenergo utility without electricity for six hours.
Stephen Cobb, security researcher at Bratislava-based security company ESET, said it was not the actual malware that caused the blackout, but a result of what people can do with it.
“The malware gave the attackers control. The malware itself didn’t carry out, didn’t execute the power outage or cut the switch. This kind of Trojan code once it’s on there can be used to do all kinds of things with the system that it has compromised,” Cobb said.
He said even though power companies in the U.S. have well developed technology, they are still susceptible to this kind of an attack.
“One would like to think in the United States, power companies here have taken their systems beyond the point where this can happen, but I wouldn’t necessarily bet on it,” Cobb said. “The power of a phishing attack is still very strong. It only takes one person to click on the wrong thing.”
He also said people working in those facilities know what they are up against.
“People who work at power companies, I would say, are painfully aware of the threat level and have been working very hard in recent years to improve their security,” Cobb said.
Additional production by Praveen Sathianathan.
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.