Just in time for the New Year, we have this report from SANS about the possible Russian attack on the electric power grid in Ukraine, which caused a blackout. If confirmed, this would be (by my count) the 5th publicly known instance in which a malicious attack caused physical damage (added to Stuxnet in Iran; Shamoon in Saudi Arabia; the attack on the German steel mill; and possibly the one on the Turkish pipeline). Here's a summary from the SANS report:
The Ukrainian power outage is more likely to have been caused by a cyber attack than previously thought. Early reporting was not conclusive, but a sample of malware taken from the network bolsters the claims. The unique nature of the malware indicates some level of targeting may be possible, but much more information is needed to confirm that targeting of ICS or this specific facility was intended.
- If the malware does end up being related to the BlackEnergy2 campaign, then this adds to the possibility that the facility and ICS were specifically targeted
- Technical data alone is very rarely enough to conclude the intention of an adversary
We increasingly live in a world in which cyber means have physical effects -- and that is a daunting way to start the New Year.