July 14, 2016

SentinelOne researchers identify new malware on a European energy firm’s network

Researchers from US-based computer security service SentinelOne Labs have uncovered a new malware on the network of a European energy company.

By Lopamudra Roy

Called SFG, the new malware is most likely the work of nation-state attackers and carries the hallmarks of a nation-state attack, having been built to evade both traditional anti-virus software and the latest firewalls. Security sandboxes such as GFI and Joe Sandbox will not be able to reveal the malware's full functionality during analysis.

The SFG malware exploits two known vulnerabilities, CVE-2014-4113 and CVE-2015-1701. It also uses a Windows User Account Control (UAC) bypass, reported Computing.co.uk.

NSFOCUS IB's chief research intelligence analyst Stephen Gates said: “This scenario begs one to ask the question, ‘Should computing devices that control power grids be accessible to attackers on the Internet?’ In the light of this new malware, most would agree the answer should be no.

“The malware developers seem to have a detailed understanding of Windows, low-level application programming interfaces, and systems calls.

“So why are power company computing devices accessible to hackers or nation states? It could be due to attackers having physical access.

“However, in almost every case it is because those computing devices are connected to the Internet in some shape or form.

“Primarily this was done to improve efficiency and reduce costs for the power companies. As a result, they increased profits at the cost of security. Maybe it’s time to rethink that decision.”

According to the researchers, the malware developers seem to have a detailed understanding of Windows, low-level application programming interfaces (APIs), and system calls.
