Triton, described as the world’s most murderous malware, targets industrial control systems (ICS). It belongs to the small class of malware built to cause physical consequences: it could prevent safety mechanisms from performing their intended function, so a process upset that the safety system should have stopped could instead run to a dangerous end.
In December 2017 it was reported that the safety systems of a petrochemical plant in Saudi Arabia had been compromised by an attack targeting the Triconex safety instrumented system made by Schneider Electric SE.
Analysis by the computer security company Symantec and others described the malware, known as “Triton”, as having been deployed on a Windows-based engineering workstation with network access to the safety controllers, rather than as an exploit of a flaw in Windows itself. From that foothold the attackers could interact with the safety controllers remotely.
Triton targets industrial control systems (ICS) and could cause severe disruption in any organisation that runs them. It is built to communicate with one specific class of ICS component, Safety Instrumented Systems (SIS), and to load alternative logic onto those devices so that they no longer behave as intended. It does this by injecting code into the SIS controller that modifies the controller’s behaviour.
The attackers behind Triton had tested elements of the code used during the intrusion to make it harder for antivirus programs to detect. Over the past couple of years, cybersecurity firms have been racing to deconstruct the malware and to find out who is behind it.
Researchers are still digging into the malware’s origins, and the identity of the group behind it has yet to be established with certainty, so more theories may still emerge.
How to prevent it?
According to the Government of India’s Ministry of Electronics and Information Technology, the malware targets the Triconex MP3008 main processor (MPC860 PowerPC processor) running firmware v10.0-10.4, so users are advised to update their firmware as soon as a fixed version or patch is available. Whether or not a patch has been applied, physical and logical access to ICS networks should be properly segregated using a DMZ and firewalls so that unauthorised access is blocked. The Tricon key switch should also be left in RUN mode except during scheduled programming, since the controller only accepts logic changes while the key is in PROGRAM mode.
Log and monitor every action on the ICS network so that suspicious traffic is identified quickly, and implement proper redundancy on critical devices to avoid major outages.
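As a worked illustration of the segregation and monitoring advice above, here is a small Python detector that applies those rules to connection-log lines. It is an added example, not code from the original article or from Schneider Electric. The log format, the address ranges, the allow-listed engineering workstation and the maintenance window are all assumed for illustration; the one public fact it relies on is that TriStation, the protocol used to program Tricon controllers, runs over UDP port 1502.

```python
"""Flag unexpected traffic to Triconex safety controllers in a connection log.

Added example for this article, not code from the original page or from any
vendor. Assumed for illustration: the log format (one flow per line:
timestamp, source, destination, protocol, destination port, bytes), the
address ranges, the allow-listed engineering workstation and the maintenance
window. Public fact used: TriStation runs over UDP port 1502.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

TRISTATION_PORT = 1502
SIS_NETWORK = ip_network("10.10.50.0/24")                 # assumed SIS segment
CONTROLLERS = {ip_address("10.10.50.11"), ip_address("10.10.50.12")}
ENGINEERING_WORKSTATIONS = {ip_address("10.10.50.100")}   # assumed authorised hosts
MAINTENANCE_WINDOW = (time(8, 0), time(12, 0))            # assumed programming window

CROSS_SEGMENT = "traffic into SIS segment from outside it"
UNAUTHORISED_HOST = "TriStation session from non-engineering host"
OUTSIDE_WINDOW = "TriStation session outside maintenance window"

# Constructed sample flows, not a real capture.
SAMPLE_LOG = """\
2017-12-01T09:15:02 10.10.50.100 10.10.50.11 udp 1502 812
2017-12-01T09:15:03 10.10.50.11 10.10.50.100 udp 49152 220
2017-12-01T22:41:10 10.10.50.100 10.10.50.12 udp 1502 4096
2017-12-01T23:02:55 10.10.20.7 10.10.50.11 udp 1502 1300
2017-12-01T23:05:00 10.10.20.7 10.10.50.11 tcp 445 61000
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def parse_line(line):
    """Split one log line into typed fields."""
    ts, src, dst, proto, dport, nbytes = line.split()
    return (datetime.fromisoformat(ts), ip_address(src), ip_address(dst),
            proto.lower(), int(dport), int(nbytes))


def in_maintenance_window(ts):
    """True if the timestamp falls inside the scheduled programming window."""
    start, end = MAINTENANCE_WINDOW
    return start <= ts.time() <= end


def detect(log_text):
    """Return one Alert per policy violation, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, _ = parse_line(line)
        # Rule 1: the SIS segment should only be reachable from inside itself;
        # anything else means the DMZ/firewall boundary has been bypassed.
        if dst in SIS_NETWORK and src not in SIS_NETWORK:
            alerts.append(Alert(ts.isoformat(), str(src), str(dst), CROSS_SEGMENT))
        # Rule 2: only the engineering workstation may open TriStation sessions
        # to a controller, and only during the scheduled programming window.
        if dst in CONTROLLERS and proto == "udp" and dport == TRISTATION_PORT:
            if src not in ENGINEERING_WORKSTATIONS:
                alerts.append(Alert(ts.isoformat(), str(src), str(dst), UNAUTHORISED_HOST))
            elif not in_maintenance_window(ts):
                alerts.append(Alert(ts.isoformat(), str(src), str(dst), OUTSIDE_WINDOW))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.src} -> {a.dst}: {a.reason}")
```

Any flow into the SIS segment from outside it shows the segregation has failed, and any TriStation session from a host other than the engineering workstation, or outside the programming window, deserves investigation, because a programming session to the controller is exactly how alternative logic gets pushed onto an SIS device. In a real deployment the allow-list and window would come from the plant’s change-management records rather than from constants in the script.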