Microsoft Issues Warning Around Power Grid Hacking
Image courtesy of Cyber Security under Attribution-NoDerivs 2.0 Generic License, resized to 700 x 391 pixels.
Microsoft issued a warning on November 22, 2022, stating that the power grid has a vulnerability with the potential to be exploited by malicious entities. The problem comes down to a web server commonly used in IoT devices that was discontinued in 2005 but is still heavily used within the utility industry (and many other industries as well). Here’s a deeper look into Microsoft’s ominous warning.
Nuts and Bolts of the Microsoft Hack Warning
I’m going to avoid getting too technical here, but if you want all the technical details, you can check out the analysis the company published.
The abbreviated version of the issue is that Microsoft discovered a vulnerable open-source Boa web server component. The component is very common – Microsoft estimates there are over 1 million in operation globally. And unfortunately, despite the recency of the warning, this vulnerability has been well known to bad actors for a long time and is frequently targeted for exploitation. And once the hackers gain access, the intrusion is very difficult to detect because they operate with valid credentials.
The vulnerable Boa server component was used as the entry point for a recent grid attack on Indian power company Tata Power, executed by Chinese state-sponsored hackers. In that incident, the hackers were able to use IoT devices to commandeer operational technology (OT) networks used for industrial system monitoring and control. The hackers were able to access sensitive employee information, engineering drawings, financial and banking records, client records and some private keys.
Unfortunately, all indications are that this will be a difficult issue to mitigate. Not only are there over 1 million such components in operation, but the way these components are built into the IoT device supply chain is complex, so many device owners may not even know they are running one.
For its part, Microsoft recommends that grid operators identify vulnerable devices, patch as many of them as possible, and check detection systems and algorithms to make sure they monitor for targeted attacks on devices that utilize the vulnerable component.
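As an added example (not code from Microsoft’s analysis or from this post), here is one way a grid operator could start the "identify vulnerable devices" step: Boa announces itself in the HTTP Server header, so captured responses from an internal asset scan can be checked for that banner. The hosts and responses below are constructed for illustration and are not real devices.

```python
"""Flag devices whose HTTP Server banner identifies the discontinued Boa web server."""
import re
from typing import Dict, List, Optional

# Boa identifies itself in the Server header, e.g. "Server: Boa/0.94.13".
# Matching is case-insensitive because embedded firmware is not consistent about case.
BOA_BANNER = re.compile(r"^\s*Boa/(?P<version>[0-9][0-9A-Za-z.\-]*)", re.IGNORECASE)


def server_header(raw_response: str) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response, or None.

    Only the header block (everything before the first blank line) is examined,
    and header names are compared case-insensitively.
    """
    head = raw_response.split("\r\n\r\n", 1)[0].split("\n\n", 1)[0]
    for line in head.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def find_boa_hosts(captures: Dict[str, str]) -> List[Dict[str, str]]:
    """Given {host: raw HTTP response}, return the hosts running Boa with the banner version."""
    hits = []
    for host, raw in captures.items():
        banner = server_header(raw)
        if banner is None:
            continue  # no banner at all: cannot confirm either way from this capture
        m = BOA_BANNER.match(banner)
        if m:
            hits.append({"host": host, "version": m.group("version"), "banner": banner})
    return hits


# Constructed sample captures (not real devices); hosts and banners are illustrative only.
SAMPLE_CAPTURES = {
    "10.0.0.5": "HTTP/1.0 200 OK\r\nDate: Mon, 21 Nov 2022 10:00:00 GMT\r\nServer: Boa/0.94.13\r\nContent-Type: text/html\r\n\r\n<html>",
    "10.0.0.6": "HTTP/1.1 200 OK\r\nserver: nginx/1.18.0\r\n\r\n",
    "10.0.0.7": "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"device\"\r\nSERVER: boa/0.94.14rc21\r\n\r\n",
    "10.0.0.8": "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

if __name__ == "__main__":
    for hit in find_boa_hosts(SAMPLE_CAPTURES):
        print(f"{hit['host']}: Boa {hit['version']} ({hit['banner']})")
```

A missing or rewritten banner does not prove the component is absent, so treat this as a first pass and confirm against vendor firmware inventories before deciding which devices still need patching or compensating monitoring.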