It's just days into 2016, and cyberattacks are already ramping up to frightening new levels. A recent attack, which left hundreds of thousands of people without electricity in the dead of winter, could have killed people.
This cyberattack, which may have been state-sponsored, is the first known cyberattack to cause a power outage on a country's grid. We've told you before about hackers trying to break into utilities' computer systems, including Iranian hackers recently accessing a power system in New York state. But so far no attack had caused widespread power outages. Until now.
The Sandworm gang of hackers, possibly based in Russia, broke into the networks of at least three electricity distribution companies in Ukraine and took substations they controlled offline. That left hundreds of thousands of people without electricity.
The Sandworm gang used malware called BlackEnergy, first discovered in 2007 and updated several times since. The initial foothold couldn't have been simpler: the hackers e-mailed Microsoft Office documents carrying malicious macros, and when a recipient opened the document and enabled the macro, the macro installed BlackEnergy on that computer. Office does not run macros unless the user allows it, so the attack relied on convincing an employee to click "Enable Content."
A destructive component delivered by BlackEnergy, called KillDisk, overwrites parts of the hard drive, including the files a computer needs to boot, so an infected machine can no longer start. It can also kill running processes, which is how it could be turned against software that controls industrial equipment. BlackEnergy also includes a backdoor that gives the hackers persistent remote access to an infected computer.
Cybersecurity experts at ESET say BlackEnergy, or its components, could be used to shut down utilities, although they did not say exactly how the hackers used it against the Ukrainian facilities.
ESET executives wrote, in part: "Our analysis of the destructive KillDisk malware detected in several electricity distribution companies in Ukraine indicates that it is theoretically capable of shutting down critical systems. However, there is also another possible explanation. The BlackEnergy backdoor, as well as a recently discovered SSH backdoor, themselves provide attackers with remote access to infected systems."
The Sandworm gang, and other hackers, have in the past used BlackEnergy mainly for espionage, including against media companies. They also used it to infect media outlets' computers and, in some cases, permanently deleted files.
They've also targeted governments and NATO, the North Atlantic Treaty Organization. Cybersecurity experts caution against assuming that Russian hackers were behind the Ukraine blackouts, although they strongly hint that they may have been.