InfraGardNCR's Cyber Security Special Interest Group (Cyber SIG) met last Thursday to discuss the December 2015 cyber attack on Ukraine’s power grid impacting approximately 225,000 customers. The attackers launched a malware attack to the power grid so severe it knocked out internal systems and call centers, disabling visibility to the monitoring center so that operators could not detect where the source of the damage was coming from. A member of the group mentioned that because Ukraine’s power grid is not the most sophisticated, the attack was not as effective as it could have been. The fact that they are using 40 - 50 year old technology actually helped them. Power has since been restored, but power companies continue to run under constrained operations. The attack shines light on the importance of cyber security for US facilities, as the same malware has been found in US industrial control systems. Tests for detecting BlackEnergy malware should be run using the latest published YARA signature, found here. For more information about the Cyber SIG, contact us.