This is an escalation of the risk profile and it targets industrial facilities where an induced problem can become catastrophic and also lead to a months-long shutdown.
The counter of course is military grade compartmentalization and general security. So long as we have nation states pretending to be at war, this becomes necessary.
This also applies to large corporations where taking a competitor offline can be very helpful. Imagine rogue attacks on computerized milk handling? Now consider that there is big money doing this and it stops being absurd.
This proves capability now.
Triton is the world’s most murderous malware, and it’s spreading
The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.
The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.
The malware made it possible to take over these systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown.
Some notable cyber-physical threats
- 2010 💥 Stuxnet Developed by America’s National Security Agency, working in conjunction with Israeli intelligence, the malware was a computer worm, or code that replicates itself from computer to computer without human intervention. Most likely smuggled in on a USB stick, it targeted programmable logic controllers which govern automated processes, and caused the destruction of centrifuges used in the enrichment of uranium at a facility in Iran.
- 2013 🕵️‍♂️ Havex Havex was designed to snoop on systems controlling industrial equipment, presumably so that hackers could work out how to mount attacks on the gear. The code was a remote access Trojan, or RAT, which is cyber-speak for software that lets hackers take control of computers remotely. Havex targeted thousands of US, European, and Canadian businesses, and especially ones in the energy and petrochemical industries.
- 2015 ⚡️ BlackEnergy BlackEnergy, which is another Trojan, had been circulating in the criminal underworld for a while before it was adapted by Russian hackers to launch an attack in December 2015 on several Ukrainian power companies that helped trigger blackouts. The malware was used to gather intelligence about the power companies’ systems, and to steal log-in credentials from employees.
- 2016 ⚡️ CrashOverride Also known as Industroyer, this was developed by Russian cyber warriors too, who used it to mount an attack on a part of Ukraine’s electrical grid in December 2016. The malware replicated the protocols, or communications languages, that different elements of a grid used to talk to one another. This let it do things like show that a circuit breaker is closed when it’s really open. The code was used to strike an electrical transmission substation in Kiev, blacking out part of the city for a short time.
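The safety-system behaviour described above and the false breaker state CrashOverride could present both come down to the same defensive question: does a controller's reported state agree with what the process is physically doing? The Python below is an added illustration, not code from the article or from any project it names. It flags a safety-instrumented-system trip with no preceding process excursion (the kind of unexplained trip that first exposed Triton in June 2017) and a breaker whose reported position contradicts the measured line current. The tag names (PT-101, CB-1 and so on), the 12 bar setpoint, the 60 s lookback and every reading are constructed assumptions.

```python
# Added example (not from the article): reconcile what an industrial controller
# reports with independent process measurements. Two checks are shown:
#  (1) an SIS trip with no preceding process excursion is "unexplained" and
#      worth investigating, since the Triton incident was first noticed as
#      exactly such a trip;
#  (2) a breaker reported CLOSED while no current flows (or OPEN while current
#      flows) is a state mismatch of the kind a protocol-spoofing attack on a
#      grid could produce.
# All tag names, setpoints and samples below are constructed for illustration.
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class SisTrip:
    t: int      # seconds since start of the constructed log
    tag: str    # process tag the safety function monitors


@dataclass(frozen=True)
class ProcessSample:
    t: int
    tag: str
    value: float  # pressure in bar (constructed units)


HIGH_PRESSURE_TRIP_BAR = 12.0  # assumed trip setpoint for the example
LOOKBACK_S = 60                # how far back to look for an excursion


def unexplained_trips(trips: List[SisTrip], samples: List[ProcessSample],
                      setpoint: float = HIGH_PRESSURE_TRIP_BAR,
                      lookback: int = LOOKBACK_S) -> List[SisTrip]:
    """Return trips for which no sample of the same tag reached the setpoint
    in the lookback window before the trip fired."""
    flagged = []
    for trip in trips:
        window = [s for s in samples
                  if s.tag == trip.tag and trip.t - lookback <= s.t <= trip.t]
        if not any(s.value >= setpoint for s in window):
            flagged.append(trip)
    return flagged


def breaker_state_mismatches(reported: Dict[str, str],
                             line_current_a: Dict[str, float],
                             idle_amps: float = 1.0) -> List[str]:
    """Return breakers whose reported position disagrees with measured current:
    a CLOSED breaker should carry current, an OPEN one should not. A breaker
    with no independent measurement is also returned, since it cannot be
    confirmed either way."""
    mismatched = []
    for breaker, position in reported.items():
        amps = line_current_a.get(breaker)
        if amps is None:
            mismatched.append(breaker)
            continue
        flowing = amps > idle_amps
        if (position == "CLOSED" and not flowing) or (position == "OPEN" and flowing):
            mismatched.append(breaker)
    return mismatched


# Constructed sample data: a genuine high-pressure excursion before the trip
# at t=100, a flat process before the trip at t=500.
SAMPLES = [ProcessSample(t, "PT-101", v) for t, v in
           [(40, 8.1), (70, 10.9), (90, 12.4),
            (440, 8.0), (470, 8.2), (495, 8.1)]]
TRIPS = [SisTrip(100, "PT-101"), SisTrip(500, "PT-101")]
REPORTED = {"CB-1": "CLOSED", "CB-2": "CLOSED", "CB-3": "OPEN"}
CURRENT_A = {"CB-1": 240.0, "CB-2": 0.0, "CB-3": 0.3}

if __name__ == "__main__":
    for trip in unexplained_trips(TRIPS, SAMPLES):
        print(f"unexplained trip of {trip.tag} at t={trip.t}s: investigate the safety controller")
    for breaker in breaker_state_mismatches(REPORTED, CURRENT_A):
        print(f"{breaker}: reported position disagrees with measured current")
```

The point of both checks is that the comparison source must be independent of the controller under suspicion: a pressure transmitter or current transformer read by a separate historian, not a value the same controller reports about itself.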
Triton: a timeline
- 2014 Hackers gain access to network of Saudi plant
- June 2017 First plant shutdown
- August 2017 Second plant shutdown
- December 2017 Cyberattack made public
- October 2018 FireEye says Triton most likely built in Russian lab
- January 2019 More details emerge of Triton incident response