Monday, 18 December 2017
On 20:40 by admin

Hackers, who researchers have said were possibly working for a nation-state, recently targeted an unnamed critical infrastructure site, causing an operational outage. Security investigators and researchers said that the attackers halted plant operations by using malware to target systems.

In its report, security firm FireEye wrote that the attack targeted Triconex from Schneider Electric, a technology used for industrial safety. The company website advertises the technology as a complete solution for process safety – offering systems and software for emergency shutdown, fire and gas control, high-intensity pressure management, and other life-critical checks. Schneider has also acknowledged the attack, which appears to be targeted, and has alerted all its customers that use this technology.

The malware, which is being called TRITON (for its attack on Triconex), appears to be specifically designed to cause physical damage to this unnamed critical infrastructure plant/site, since it was hitting the site’s safety system. Hackers first took control of a workstation running the Triconex safety shutdown system and tried to reprogram controllers that are used to identify potential safety issues. During this, some of the controllers entered a fail-safe mode, causing some processes to shut down and prompting the asset owner to initiate an investigation.

“Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems,” Mandiant, a division of FireEye, said. “The targeted systems provided emergency shutdown capability for industrial processes.

“We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shut down operations.”

Both the security firm and Schneider have declined to identify the victim or its industry due to security concerns. One firm puts the victim in the Middle East.

Alerts have been issued by several governments this year warning of cyberattacks on critical infrastructure sites; however, this is possibly the first report of a targeted attack on a safety system at an industrial plant. While this is possibly the first attack on a safety control system that disrupted operations, attackers have previously targeted electric grids in Ukraine, not to forget the US- and Israel-powered Stuxnet that was used to target Iran’s nuclear facilities.

“Of note, on several occasions, we have observed evidence of long-term intrusions into ICS which were not ultimately used to disrupt or disable operations,” FireEye wrote. “For instance, Russian operators, such as Sandworm Team, have compromised Western ICS over a multi-year period without causing a disruption.” This paints an even darker picture, as most countries and companies do not learn of unauthorized access until operations are disrupted.

If history is prologue, more attackers will now start looking into the possibilities. “This is a watershed,” Sergio Caltagirone, head of threat intelligence at Dragos, said. “Others will eventually catch up and try to copy this kind of attack.”