Protecting Against GreyEnergy

In response to the recent discovery of GreyEnergy, a highly sophisticated piece of malware targeted industrial control systems, please see below comments from Moreno Carullo, co-founder and CTO of Nozomi Networks.

Moreno Carullo, Co-founder and CTO at Nozomi Networks:

“The recent discovery of yet another undocumented advanced malware, now dubbed GreyEnergy, was inevitable. We are seeing a trend in ICS cybersecurity where this, and other malwares do exist, and they are threatening our world’s most critical infrastructures. This specific report claims that GreyEnergy could be a successor of BlackEnergy, the malware that targeted and successfully attacked Ukrainian facilities in December of 2015 – and that could absolutely be the case.

GreyEnergy is an important tool in the arsenal of some of the most dangerous APT groups that have been terrorizing Ukraine for the past several years. Each new malware our industry discovers is proving to be more and more advanced, like how this GreyEnergy malware extends its capabilities by receiving the module remotely. With these malwares, cybercriminals are using two main attack vectors: compromising public-facing web services and spear-phishing – both methods that can be easily thwarted with the right ICS security solution and the necessary training for employees.

With continuous visibility, advanced ICS security and constant education, industrial facilities worldwide can leverage their skills and tools to ensure they aren’t at risk to be hit next at a time where industrial controls and critical infrastructure are priority cybersecurity targets.”