Power Grid Attack

Use Case in Electricity Market

Power Grid Attack: A team of white hat hackers is hired by a power company in the US to test its security defenses. They begin with reconnaissance, observing the area around the power grid for a day and noting every security camera fitted in and around the main office building. The next day, two of them pose as technicians from the local ISP sent to investigate internet speed issues and try to talk their way into the office building. The receptionist hands them visitor badges without checking their identities. However, while they wait for someone to escort them to the server room, a supervisor appears, becomes suspicious and denies them access. They leave the office.

Around 12:30 AM the hackers break into the office building. Social engineering had failed, but the reconnaissance pays off: two of them enter through the front door, forcing it with a shove-it tool, while the third enters through the back door. They also carry tools for opening the locked doors inside the office. One of them plugs a PlugBot drop device into a power outlet to keep a persistent connection to the internal systems, which he controls from software on his laptop.

They spread out inside the office, where the workstations hold a great deal of private and confidential data that could be used to cut power to many areas. One hacker removes the cabinet cover of a workstation and connects a USB flash drive to clone the drive. The Motionlock feature immediately detects the change in ambient light when the cover is removed. As soon as the cloning operation begins, the AI algorithm that continuously monitors all operations at the firmware level detects the cloning activity and triggers the X-Guard Threat Lock (Security Scout), which blocks the data cloning at the firmware level. The other two hackers try to install malware on different host systems in order to remotely access confidential information about the power substations. Because X-PHY® operates on a trust-no-one basis, its AI algorithms detect the abnormal activities of password stealing and backdoor creation and trigger the X-Guard Threat Lock (Guardian Pro-X), which restricts access to the NAND flash storage and locks down the data at the firmware level.

On another host system the hackers install a firmware-patching rootkit to subvert the update utility and push an unofficial firmware image onto the drive. The AI algorithm detects this as well and activates Keycode Pro-X, which refuses the update because it is not approved with the unique serial number of the X-PHY® device.

Once data has been locked because of malicious or abnormal operations, the X-Factor Encryption Lock is activated and access to the NAND flash storage is restricted. Failing the 2FA challenge keeps the data locked and out of the hackers' reach. Unable to retrieve any relevant or useful information, they have no choice but to leave.

X-PHY Protection Method

1. The Motionlock in X-Site Security detects the change in ambient light as soon as the host system cover is removed, backed by continuous real-time AI monitoring at the firmware level. The Security Scout within X-Guard Threat Lock detects the malicious behavior of unauthorized cloning.

2. The Guardian Pro-X within X-Guard Threat Lock detects the malicious behavior of the malware and triggers real-time AI surveillance at the firmware level.

3. Keycode Pro-X within the X-Factor Encryption Lock detects the firmware-patching rootkit's attempt to force an unauthorized firmware upgrade. The upgrade fails because it is not approved by the unique serial key of the X-PHY®, which is generated with a proprietary algorithm.

4. Once the X-PHY® detects unusual or malicious behavior through real-time AI monitoring, it activates X-Factor Encryption to block all access by locking down the data and triggers Keycode 2-factor authentication.

5. X-PHY® enters safe mode and asks for the password to complete the 2-factor authentication.
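The check in step 3, a firmware update that is only accepted when it was approved for this particular device's serial number, is a standard device-bound update gate. The following is an added illustration of that pattern, written for this page; it is not X-PHY®'s code and says nothing about the product's actual algorithm. It assumes a per-device key provisioned at manufacture, an HMAC-SHA256 approval tag over serial, version and image hash, and a constructed sample image and serial; every name and value in it is an assumption.

```python
"""Illustrative device-bound firmware update gate (added example, not X-PHY code).

Models the idea of step 3: an update is accepted only if its approval tag was
issued for this specific drive's serial number, for this exact image, and for a
version that does not roll back. The HMAC-SHA256 construction, the key
derivation, the serial and the image are all constructed for this demonstration.
"""
import hashlib
import hmac
import struct

# Constructed sample: a per-device key the vendor provisions at manufacture and
# that never leaves the drive's firmware (assumption for this example).
DEVICE_SERIAL = b"EXAMPLE-SERIAL-0001"
DEVICE_KEY = hashlib.sha256(b"factory-secret:" + DEVICE_SERIAL).digest()
CURRENT_FW_VERSION = 3


def approval_tag(key: bytes, serial: bytes, image: bytes, version: int) -> bytes:
    """Tag the vendor's update server would attach for one specific device.

    Binding serial, version and image hash into one MAC means a tag issued for
    another drive, an altered image, or a different version cannot be reused.
    """
    msg = serial + b"|" + struct.pack(">I", version) + b"|" + hashlib.sha256(image).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


def accept_update(serial: bytes, key: bytes, installed_version: int,
                  image: bytes, version: int, tag: bytes) -> tuple:
    """Return (accepted, reason).

    Rejects rollbacks before doing any cryptography, then verifies the tag in
    constant time so a patched update utility cannot learn it byte by byte.
    """
    if version <= installed_version:
        return False, "rollback or replay: version %d <= installed %d" % (version, installed_version)
    expected = approval_tag(key, serial, image, version)
    if not hmac.compare_digest(expected, tag):
        return False, "approval tag not valid for this serial/image/version"
    return True, "update approved"


def demo() -> dict:
    """Run four update attempts against the constructed device and return the outcomes."""
    image = b"\x7fFWIMG" + b"\x00" * 64  # constructed stand-in for a firmware image
    good_tag = approval_tag(DEVICE_KEY, DEVICE_SERIAL, image, 4)
    results = {}

    # Genuine update: tag issued for this serial, this image, next version.
    results["genuine"] = accept_update(DEVICE_SERIAL, DEVICE_KEY, CURRENT_FW_VERSION,
                                       image, 4, good_tag)[0]

    # Tag legitimately issued for a different drive, replayed against this one.
    other_serial = b"EXAMPLE-SERIAL-0002"
    other_key = hashlib.sha256(b"factory-secret:" + other_serial).digest()
    other_tag = approval_tag(other_key, other_serial, image, 4)
    results["wrong_device"] = accept_update(DEVICE_SERIAL, DEVICE_KEY, CURRENT_FW_VERSION,
                                            image, 4, other_tag)[0]

    # Rootkit patches one byte of the image but keeps the genuine tag.
    patched = image[:-1] + b"\x01"
    results["tampered_image"] = accept_update(DEVICE_SERIAL, DEVICE_KEY, CURRENT_FW_VERSION,
                                              patched, 4, good_tag)[0]

    # An older, once-approved image is offered again to downgrade the drive.
    old_tag = approval_tag(DEVICE_KEY, DEVICE_SERIAL, image, 2)
    results["rollback"] = accept_update(DEVICE_SERIAL, DEVICE_KEY, CURRENT_FW_VERSION,
                                        image, 2, old_tag)[0]
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} -> {'ACCEPT' if ok else 'REJECT'}")
```

Only the genuine attempt is accepted; the replayed tag, the patched image and the downgrade are all refused. In a real drive the key would sit in the controller rather than in a Python constant, and a public-key signature would normally replace the shared-key HMAC so the update server holds no per-device secrets, but the binding of serial, version and image hash is the part that gives the gate its value.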
