Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid

Rafiullah Khan, Peter Maynard, Kieran McLaughlin, David Laverty, Sakir Sezer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6492 Downloads (Pure)

Abstract

The BlackEnergy malware targeting critical infrastructures has a long history. It evolved over time from a simple DDoS platform to a quite sophisticated plug-in based malware. The plug-in architecture has a persistent malware core with easily installable attack specific modules for DDoS, spamming, info-stealing, remote access, boot-sector formatting etc. BlackEnergy has been involved in several high profile cyber physical attacks including the recent Ukraine power grid attack in December 2015. This paper investigates the evolution of BlackEnergy and its cyber attack capabilities. It presents a basic cyber attack model used by BlackEnergy for targeting industrial control systems. In particular, the paper analyzes cyber threats of BlackEnergy for synchrophasor based systems which are used for real-time control and monitoring functionalities in smart grid. Several BlackEnergy based attack scenarios have been investigated by exploiting the vulnerabilities in two widely used synchrophasor communication standards: (i) IEEE C37.118 and (ii) IEC 61850-90-5. Specifically, the paper addresses reconnaissance, DDoS, man-in-the-middle and replay/reflection attacks on IEEE C37.118 and IEC 61850-90-5. Further, the paper also investigates protection strategies for detection and prevention of BlackEnergy based cyber physical attacks.
Original languageEnglish
Title of host publication4th International Symposium for ICS & SCADA Cyber Security Research 2016
PublisherBCS
Pages53-63
Number of pages11
DOIs
Publication statusPublished - 25 Aug 2016
Event4th International Symposium for ICS & SCADA Cyber Security Research 2016 - Belfast, United Kingdom
Duration: 23 Aug 201625 Aug 2016
http://www.ics-csr.com

Conference

Conference4th International Symposium for ICS & SCADA Cyber Security Research 2016
Abbreviated titleICS-CSR 2016
Country/TerritoryUnited Kingdom
CityBelfast
Period23/08/201625/08/2016
Internet address

Fingerprint

Dive into the research topics of 'Threat Analysis of BlackEnergy Malware for Synchrophasor based Real-time Control and Monitoring in Smart Grid'. Together they form a unique fingerprint.

Cite this