The ISIL is trying to hack American electrical power companies

US authorities confirmed that hackers belonging to the Islamic State (ISIL) are trying to hack American electrical power companies.

According to U.S. law enforcement, ISIL is trying to hack American energy firms. The news arrives as the US Government has, for the first time, charged a man with cyberterrorism.

The news was revealed by law enforcement officials during a conference of American energy firms that were discussing Homeland Security. ISIL has the cyber capabilities to run cyber attacks against US critical infrastructure, and US intelligence is aware of the risks.

In May 2015, pro-ISIL hackers belonging to the Cyber Caliphate hacking team threatened ‘Electronic War’ on the US and Europe.

“ISIL is beginning to perpetrate cyberattacks,” explained Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security.

Investigators told CNNMoney that the Islamic State has run a series of cyber attacks that have been unsuccessful. They declined to provide further information on the attacks and did not cite evidence of specific incidents.

The experts described the attacks as not particularly sophisticated, but they still represent a serious threat to Homeland Security. ISIL hackers buy hacking tools on the black markets; there is no evidence that they are developing their own “cyber weapons.”

“Strong intent. Thankfully, low capability,” said John Riggi, a section chief at the FBI’s cyber division. “But the concern is that they’ll buy that capability.”

The risk of a cyber attack is scaring law enforcement: an incident at power companies could disrupt the flow of energy to U.S. homes and businesses.

The problem is not limited to ISIL; domestic terrorists and foreign state-sponsored hackers could also cause serious damage. In the past, industrial control systems in the energy industry were attacked by Russian hackers.

In July 2014, researchers at FireEye detected a new variant of the Havex RAT that was specifically designed to scan SCADA networks via Object Linking and Embedding for Process Control (OPC). The control systems hit by the malware are vital components in any industrial process, including energy.

In June 2014, experts at F-Secure discovered instances of the Havex malware used to target Industrial Control Systems (ICS) in surgical attacks implementing a “watering-hole attack” scheme, which involved ICS vendor sites as intermediary targets. It has been estimated that the number of compromised energy companies in the US and Europe is nearly 1000, an impressive number that gives us an idea of the impact of the Havex operation.

In November 2014, US-CERT issued an Alert (ICS-ALERT-14-281-01A) related to an ongoing sophisticated malware campaign compromising ICS systems with BlackEnergy malware.

“They’d love to do damage, but they just don’t have the capability,” said Mark Lemery, a critical infrastructure protection coordinator. “Terrorists have not gotten to the point where they’re causing physical damage.”

The experts maintain that an attack on the entire U.S. energy grid is not simple because the national infrastructure is “a chaotic patchwork of ‘grids,’ each with different types of machines and software that don’t smoothly coordinate or communicate”.

How can critical infrastructure be protected from cyber attacks by terrorist groups like ISIL?

As Riggi explained, a joint effort by law enforcement and intelligence agencies is necessary, both inside the US and on a global scale.

“We’ve had pretty good success actually,” Riggi said. “Since the FBI is an intelligence agency, we rely on the help of CIA and NSA. We compare information with the NSA.”

What will happen if hackers hit critical infrastructure in the US? What would be the economic impact of a cyber attack against a power grid?

According to a poll by the firm Morning Consult, cyber attacks are just behind terrorist attacks on the list of biggest threats to the US. It has been estimated that the insurance industry could face losses of about $21 billion.

If you want more info, take a look at my report “Cyber Attacks on the Power Grid: The Specter of Total Paralysis.”

Pierluigi Paganini

(Security Affairs –  Energy industry, ISIL)

