UPDATED 22:31 EST / DECEMBER 14 2017


Triton malware targets oil and gas assets in the Middle East

A disturbing new form of malware that targets industrial equipment has been discovered in the wild in what may be a serious state-sponsored attack.

Dubbed “Triton” by researchers at FireEye Inc., the malware is said to have already shut down the operations of a critical infrastructure organization in the Middle East and is continuing to be deployed by those behind it. The name of the company wasn’t disclosed, but the malware is said to target equipment sold by Schneider Electric SE that is used in oil and gas facilities.

Schneider Electric specializes in energy management and automation solutions, spanning hardware, software and services. In particular, the malware was designed to disable Schneider’s Triconex product line. The webpage for Triconex describes the offering as “safety instrumented systems” that provide “solutions to protect people, the surrounding communities and the environment, while keeping production operating safely and continuously, throughout the life of your assets.”

FireEye notes in its report that the attacker’s decision to target Schneider’s SIS suggests “an interest in causing a high-impact attack with physical consequences,” an “attack objective not typically seen from cyber-crime groups.” Put more simply, whoever is behind the attack was looking to cause physical harm rather than to gain some sort of financial return.

Who did it is complete speculation at this point, but given that it’s known that the attack occurred in the Middle East, there are some likely contenders for victim and attacker. Earlier this year, the Gulf States and Egypt cut off diplomatic relations with Qatar over the country’s alleged links to Iran. The “Qatar Diplomatic Crisis” remains ongoing, so it’s possible the attack involved countries party to the dispute.

With the Triton malware now in the wild, FireEye recommends that asset owners consider segregating safety system networks from process control and information system networks, use hardware features that provide physical control over safety controllers, and take a number of other steps to protect themselves from a Triton attack.

Photo: U.S. Navy/Wikimedia Commons
