UPDATED 21:44 EDT / APRIL 10 2019

SECURITY

New malware attack causes real-world damage

Security researchers have uncovered a new attempted hack using Triton malware, which targets industrial equipment in an effort to cause physical damage to its targets.

Triton was first detected in 2017 when it was used to target the operations of a critical-infrastructure organization in the Middle East. A later report, which attributed Triton to Russia, noted that the malware targeted equipment sold by Schneider Electric SE that’s used in oil and gas facilities.

Triton is unique in that its attackers apparently aren’t interested in causing network damage or stealing data but instead in causing actual damage to equipment. That can include catastrophic failures that in a worst-case scenario could result in the loss of life as well.

The new attempted hack using Triton was detected by researchers at FireEye Inc., who said they had uncovered an additional intrusion using the same malicious software against a different critical infrastructure site.

As with the previous case, the attack was primarily focused on the unnamed facility’s operational technology, that is, the systems used to manage and monitor physical processes and devices.

“They did not exhibit activities commonly associated with espionage, such as using key loggers and screenshot grabbers, browsing files, and/or exfiltrating large amounts of information,” the researchers said. “Most of the attack tools they used were focused on network reconnaissance, lateral movement and maintaining presence in the target environment.”

The researchers also noted the complexity of the Triton attacks: the attackers used both public and custom backdoors, along with web shells and credential-harvesting tools, to evade antivirus detection and remain undiscovered.

Remarkably, the attackers were found to have been present in the targeted system for almost a year before gaining access to their final target, an engineering workstation where they attempted to deploy the Triton malware itself.

“This is very targeted malware that can have a significant impact,” Tim Erlin, vice president of product management and strategy at Tripwire Inc., told SiliconANGLE. “We’re not talking about the usual ransomware here. Triton is designed specifically to attack control systems.”

And those are highly specialized systems, he added. “Installing your standard anti-malware software isn’t the right solution,” he said. “The safety system engineers and vendors are the right source for defensive techniques.”

Photo: WClarke/Wikimedia Commons
