
Wed Apr 10, 2019, 08:31 PM

Mysterious Safety-Tampering Malware Infects A Second Critical Infrastructure Site

Use of game-changing Triton malware to target safety systems isn't an isolated incident.

DAN GOODIN - 4/10/2019, 12:01 AM

Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents.


There had been compromises of critical infrastructure sites before. What was unprecedented in this attack—and of considerable concern to some researchers and critical infrastructure operators—was the use of an advanced piece of malware that targeted the unidentified site’s safety processes. Such safety instrumented systems (SIS) are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising. When gas fuel pressures or reactor temperatures rise to potentially unsafe thresholds, for instance, a SIS will automatically close valves or initiate cooling processes to prevent health- or life-threatening accidents.

By focusing on the site’s SIS, the malware carried the threat of physical destruction that, depending on the site and the type of accident, had the potential to be serious if not catastrophic. The malware was alternately named Triton and Trisis, because it targeted the Triconex product line made by Schneider Electric. Its development was ultimately linked to a Russian government-backed research institute.

Not an isolated incident

Now, researchers at FireEye—the same security firm that discovered Triton and its ties to Russia—say they have uncovered an additional intrusion that used the same malicious software framework against a different critical infrastructure site. As was the case in the first intrusion, the attackers focused most of their resources on the facility’s OT, or operational technology, which are systems for monitoring and managing physical processes and devices.

More...

https://arstechnica.com/information-technology/2019/04/mysterious-safety-tampering-malware-infects-a-2nd-critical-infrastructure-site/

3 replies, 85 views
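The article excerpt describes what a safety instrumented system does (vote its sensors, trip and close valves when a process variable crosses a limit) and why tampering with that logic matters. As an added illustration, not code from the article, FireEye or Schneider Electric, the constructed Python model below runs a toy SIS trip function over a made-up pressure excursion twice: once with its genuine trip setpoint and once with a tampered copy whose setpoint has been raised. The 2-out-of-3 vote over three transmitters, the 50 bar setpoint, the single valve-close action and all readings are assumptions for the example; a real safety controller carries far more (diagnostics, bypass handling, proof-test logic) than this sketch.

```python
"""Toy model of a safety instrumented system (SIS) trip function.

Constructed illustration, not code from the article or from any vendor's
product.  Assumed for the example: a 2-out-of-3 (2oo3) vote over three
redundant pressure transmitters, one trip action (close the feed valve),
and pressures in bar.
"""
from dataclasses import dataclass, field


@dataclass
class SafetyLogic:
    """Trip parameters an engineer downloads to the safety controller."""
    high_pressure_trip: float = 50.0   # bar; assumed trip setpoint
    votes_required: int = 2             # 2oo3 voting over three transmitters


@dataclass
class SisState:
    valve_open: bool = True
    tripped: bool = False               # latched once a trip has occurred
    log: list = field(default_factory=list)


def evaluate(logic: SafetyLogic, readings: list, state: SisState) -> SisState:
    """One scan of the safety logic: vote the sensors, trip if enough agree."""
    if len(readings) != 3:
        raise ValueError("expected three redundant transmitter readings")
    over = sum(1 for r in readings if r >= logic.high_pressure_trip)
    if over >= logic.votes_required and not state.tripped:
        state.tripped = True
        state.valve_open = False        # demand action: close the feed valve
        state.log.append(f"TRIP: {over}/3 transmitters >= {logic.high_pressure_trip} bar")
    return state


def run_scenario(logic: SafetyLogic, scans: list) -> SisState:
    """Run the trip logic over a sequence of scans and return the final state."""
    state = SisState()
    for readings in scans:
        state = evaluate(logic, readings, state)
    return state


# Constructed process excursion: pressure ramps past the 50 bar limit, with one
# transmitter drifting low so that 2oo3 voting (rather than 3oo3) matters.
EXCURSION = [
    [40.0, 41.0, 39.5],
    [48.0, 49.0, 47.0],
    [51.0, 52.5, 46.0],   # two of three over the limit: the genuine logic trips here
    [55.0, 56.0, 49.0],
]


def intact_vs_tampered():
    """Compare the genuine logic with a tampered copy whose setpoint was raised.

    The tampered copy models what a safety-logic modification achieves: the
    process runs past the real limit and the SIS never intervenes, even though
    every transmitter is reporting correctly.
    """
    genuine = run_scenario(SafetyLogic(), EXCURSION)
    tampered = run_scenario(SafetyLogic(high_pressure_trip=90.0), EXCURSION)
    return genuine, tampered


if __name__ == "__main__":
    g, t = intact_vs_tampered()
    print("genuine :", "tripped" if g.tripped else "no trip", g.log)
    print("tampered:", "tripped" if t.tripped else "no trip", t.log)
```

The point of the comparison is that the sensors and the process are untouched in both runs; only the parameters inside the safety controller differ. That is why operators treat the safety logic itself (its setpoints, voting configuration and program) as the thing to baseline and verify, rather than relying on process alarms alone.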

Replies to this discussion thread (3 replies)

Author | Time | Post
RCW2014 | Apr 10 | OP: Mysterious Safety-Tampering Malware Infects A Second Critical Infrastructure Site
oflguy | Apr 10 | #1
Muddling Through | Apr 10 | #2
uncledad | Apr 11 | #3

Response to RCW2014 (Original post)

Wed Apr 10, 2019, 08:37 PM

1. Could be China, or Iran



Response to RCW2014 (Original post)

Wed Apr 10, 2019, 09:09 PM

2. Must be some way to blame "Teh Joos", amirite?



Response to RCW2014 (Original post)

Thu Apr 11, 2019, 09:11 AM

3. North Korea.

Rocket-man's cyber troops are active.
