Abstract
CRASHOVERRIDE is modular malware tailor-made for electric grid Industrial Control System (ICS) equipment and was deployed by a group named ELECTRUM in a Ukrainian substation. The malware would launch a protocol exploit to flip breakers and would then wipe the system of ICS files. Finally, it would execute a Denial of Service (DoS) attack on protective relays. The intended effect was months of damage and thousands left without power. However, due to oversights, the malware only caused a brief power outage. Even so, the implications of the malware are cause for researching and implementing countermeasures against others to come. CISA recommends several defenses: implementing additional ICS firewalls, enabling Application Whitelisting, starting configuration/patch management programs, etc.
Faculty Advisor/Mentor
Leigh Armistead
Document Type
Paper
Disciplines
Information Security | Other Engineering
DOI
10.25776/rtqr-kd18
Publication Date
4-12-2024
A Case Study of the CRASHOVERRIDE Malware, Its Effects and Possible Countermeasures