Triton is the world's most murderous malware, and it's spreading

[InfoSec News <alerts () infosecnews org>]

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

By Martin Giles
MIT Technology Review
March 5, 2019

As an experienced cyber first responder, Julian Gutmanis had been called plenty 
of times before to help companies deal with the fallout from cyberattacks. But 
when the Australian security consultant was summoned to a petrochemical plant 
in Saudi Arabia in the summer of 2017, what he found made his blood run cold.

The hackers had deployed malicious software, or malware, that let them take 
over the plant’s safety instrumented systems. These physical controllers and 
their associated software are the last line of defense against life-threatening 
disasters. They are supposed to kick in if they detect dangerous conditions, 
returning processes to safe levels or shutting them down altogether by 
triggering things like shutoff valves and pressure-release mechanisms.

The malware made it possible to take over these systems remotely. Had the 
intruders disabled or tampered with them, and then used other software to make 
equipment at the plant malfunction, the consequences could have been 
catastrophic. Fortunately, a flaw in the code gave the hackers away before they 
could do any harm. It triggered a response from a safety system in June 2017, 
which brought the plant to a halt. Then in August, several more systems were 
tripped, causing another shutdown.

The first outage was mistakenly attributed to a mechanical glitch; after the 
second, the plant's owners called in investigators. The sleuths found the 
malware, which has since been dubbed "Triton" (or sometimes "Trisis") for the 
Triconex safety controller model that it targeted, which is made by Schneider 
Electric, a French company.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_