‘Crash Override’, a malware with the most cyberpunk name of all time, is a cyberattack tool capable of taking out an entire power grid. Doing justice to its name, ‘Crash Override’ is “the most evolved specimen of grid-sabotaging malware ever observed”, as WIRED claims.
The malware is extremely aggressive and highly customizable: its code is modular, and modules can be swapped easily, making it highly versatile and adaptable. In an interview with Reuters, Robert Lipovsky, a malware researcher at ESET, explained that “the malware is really easy to re-purpose and use against other targets. That is definitely alarming, and could cause wide-scale damage to infrastructure systems that are vital.”
‘Crash Override’ has been credited with the collapse of the power grid in Kiev, the capital city of Ukraine, late last year, causing an extensive blackout in the city for an hour. To make matters worse, researchers now believe that the attack was just a dry run and a power play by its supposed creator, Russia. Given the strained Russia–Ukraine relations, it is not a stretch to connect the dots, and that matches Russia’s long-standing interest in cyber warfare programs.
The dissection of the residual program code by ESET and Dragos, two of the industry’s leading security firms, revealed that the malware can be modified with virtually no effort, with most of the process being entirely automated. Its swappable component design and its ability to communicate directly with grid equipment, issuing commands over obscure protocols, make it much more efficient and faster. The malware is also capable of downloading new modules if it can connect to the internet, and it can destroy all system files on the machines it infects to cover its tracks, which makes its scope global.
Robert Lee, the founder of Dragos and a former intelligence analyst, notes that this could be troubling for European and US grid officials, as the malware has turned out to be “highly scalable, sophisticated, and more dangerous than thought of; nothing about this attack looks like it’s singular.” “The way it’s built and designed and run makes it look like it was meant to be used multiple times. And not just in Ukraine.”
The method the malware used to initially infect the power company’s systems is still shrouded in mystery. As this is the second known attack by the malware, researchers at ESET believe it could have used the same mode of targeting, a phishing email, that was responsible for the 2015 blackout attack. Researchers say that the Crash Override malware infects Microsoft Windows systems and then progresses to gain control of other devices, automatically mapping out control systems and locating the targeted equipment. The malware is also capable of sending network logs back to its operators, giving them critical insight into how these control systems function over time.
The malware can be programmed to detonate automatically at a predefined time, which Lee describes as a “logic bomb functionality.” The attackers could program the malware to run without any oversight or feedback from its operators, even on a network that is not connected to the internet.
Is that what the world needs now? Cyber weapons on fr*ckin autopilot?!