Cybersecurity experts have discovered that hackers are using a new type of malware to target industrial control systems, forcing operations to shut down. Cybersecurity firm FireEye has named this malware “Triton”. Travis Smith, Principal Security Researcher at Tripwire, commented below.
Travis Smith, Principal Security Researcher at Tripwire:
“The fact that operations were shut down, whether that was the primary intent or not, shows the real physical impact these cyber threats can have on critical infrastructure. Industry experts have warned about these threats for some time now, so incidents like these emphasize the need for industrial operators to invest in securing their infrastructure.
Critical infrastructure still suffers from a general lack of foundational security controls. There was a time when industrial control systems could be protected by physical security measures. Internet connectivity changed the whole security landscape and operators must address the new cyber risks, such as misconfigured devices and unpatched vulnerabilities. With the potential impact so great, we need to take action before something terrible happens.”
Gary McGraw, Vice President of Security Technology at Synopsys:
“When everything is connected to the Internet, including industrial control systems, cars and trucks, and banks, we should not be surprised when the connected things become potential targets. War has long since moved onto the Internet just like everything else. Physically destroying a target’s infrastructure in future wars may be just as much a matter of logic bombs in software as it is about exploding missiles made of metal. You can bet that nation-states are doing whatever they can to get a leg up on potential enemy targets, including probing safety instrumented systems (SIS). In this case the SIS apparently tripped a shutdown while attackers were probing and doing other system reconnaissance. The attackers did not set out to get caught.
Software has been a target of attack for decades. We should not be surprised that infrastructure software in safety critical systems is a target. The TRITON attack serves as an important wake up call for those continuing to hit the cyber snooze button.”
Moreno Carullo, Co-Founder and CTO at Nozomi Networks:
“Copperfield is not nearly as dangerous as Triton and its propagation can be stopped by not allowing engineers and operators to use USB devices connected to Industrial Control Systems (ICS). Although this is not an improved malware, it could result in data exfiltration, control of a workstation or reconnaissance of the network. It is, however, an incident that reiterates the message that cybercriminals are actively probing critical infrastructure for vulnerabilities and are increasing their efforts. All ICS operators should be on high alert as this type of activity is increasing exponentially. In the meantime, ICS operators must strictly adhere to best practices, security protocol and be vigilant about looking for abnormal behaviours in the network using deep packet inspection and hybrid analysis.”