Hackers use Triton malware to shut down plant, industrial systems

Triton malware corrupts Triconex SIS systems

A nation-state may be behind the effort to "cause physical damage" to critical infrastructure, security firm FireEye said in a Thursday report.

'Industrial companies, with operations at risk, should look to proven technologies that leverage artificial intelligence and machine learning to continuously monitor industrial controls systems networks for anomalies that detect and mitigate possible attacks that could cause harm to the industrial control systems, ' he added.

The malware was created to manipulate the systems which provide emergency shutdown to prevent physical damage being caused if industrial processes go wrong.

UPDATE: The FireEye report on the TRITON malware is now live, here.

A new malware specifically created to target industrial control systems (ICS) of critical infrastructure has been discovered by security researchers. "We base this on the fact that the attacker initially obtained a reliable foothold on the DCS and could have developed the capability to manipulate the process or shut down the plant, but instead proceeded to compromise the SIS system". Mandiant's investigators think they meant to use the breach to cause damage to the plant.

"We assess with moderate confidence that the attacker's long-term objective was to develop the capability to cause a physical effect", the FireEye researchers said. Last year, one such attack known as Industroyer was used to disrupt Ukraine's power grid.

Ex-'Apprentice' star Omarosa denies White House firing
The White House also said that Newman's departure would take effect on January 20, exactly a year after Trump was sworn in. She noted that while she more access than most people, she came into the Oval Office only when the president asked her to.

Stuxnet reportedly destroyed up to 1,000 centrifuges at the Iranian uranium enrichment facility in Natanz.

Nevertheless, Triton provides hackers a blueprint on how to go about attacking critical infrastructure. Still, it represents a new paradigm in industrial control hacking that's likely to be copied in future breaches. However, another security firm called Dragos also discovered the malicious code, and said it targeted at least one victim in the Middle East. Elsewhere, the researchers continued: "While Trisis appears to be focused, ICS owners and operators should view this event as an expansion of ICS asset targeting to previously untargeted SIS equipment".

The attacker deployed Triton shortly after gaining access to the SIS system, indicating that the group had pre-built and tested the tool.

"Modifying the SIS could prevent it from functioning correctly, increasing the likelihood of a failure that would result in physical consequences", the firm said.

Describing the hackers' operation and capabilities demonstrated by Triton, the researchers said that Triton was built with a number of features, including the ability to read and write programs, read and write individual functions and query the state of the SIS controller.

It is not likely that existing or external conditions, in isolation, caused a fault during the time of the incident. The team believes that Triton, which can reprogram Triconex safety instrumented system (SIS) controllers, caused a failed validation check between redundant units, which forced an industrial process into a failed safe state.

Related news:

Hot News

isis-killer-beheading-video-story-top Shopping online? Here's how to get free shipping Friday
Dec 16, 2017 - 18:52
Talbots: Every order comes with free shipping, and from now through Sunday, shoppers get 40% off one item or 50% off two items. Some retailers may not allow over-sized or personalized items to be included in the offer, according to FreeShippingDay.com.

isis-killer-beheading-video-story-top The Salvation Army holds toy distribution to help families in need
Dec 15, 2017 - 09:21
Police in Dunwoody, Georgia, are working to find a boy who stole a Salvation Army kettle . They stood outside the store and asked shoppers to contribute money to the kettle.

isis-killer-beheading-video-story-top Keep your Christmas tree hydrated
Dec 15, 2017 - 09:13
And once Christmas passes, that tree can be placed outside for birds and other wildlife to enjoy during those cold winter days. Madison firefighters demonstrated exactly why you need to stay on top of that with an exercise that illustrated the dangers.

isis-killer-beheading-video-story-top Kid Hilariously Steals Baby Jesus From Manger During Live Nativity Scene
Dec 15, 2017 - 09:09
Teegan took the baby doll again, and that's when a full-on preschool brawl broke out at the church Nativity pageant. Clearly, that's something her daughter understands very well already. "We were crying laughing", she told ABC News.

isis-killer-beheading-video-story-top Flu Widespread in New York This Season: Health Dept.
Dec 15, 2017 - 09:06
Influenza-like illness activity is reported low in Central Massachusetts , according to the state DPH. But when you have the flu , you're more likely to have muscle pains, headaches, or even a fever.

isis-killer-beheading-video-story-top Apple invests $390 million in US-made iPhone lasers
Dec 15, 2017 - 08:22
Apple released tools for app makers to start creating AR apps over the summer and enabled it on all iPhones back to the iPhone 6s. When combined with the company's nearby plant in Allen, Texas, Finisar's payroll in Northern Texas is expected to be $65 million.

isis-killer-beheading-video-story-top NASA's Juno Orbiter Explores Depths of Jupiter's Great Red Spot
Dec 14, 2017 - 18:26
The radiation bands are above the equator and around the planet's high latitudes, where spacecraft had not previously explored. On Monday, scientists said that Juno had discovered a new area of radiation just above the planet's atmosphere at the equator.

Death toll from Mogadishu police academy attack rises to 13
Dec 14, 2017 - 18:21
Earlier, the head of a local ambulance service said they had moved the bodies of 13 victims as well as 15 injured people. Officers said the toll could have been far worse had the attacker detonated his bomb in the centre of the crowd.

Crytek is suing Star Citizen's developers over breach of contract
Dec 14, 2017 - 18:19
As we reported in 2016, CIG and RSI began selling two distinct games - Squadron 42 and the Star Citizen Persistent Universe. One of the complaints is that Cloud Imperium Games is using Lumberyard from Amazon, based on CryEngine.

isis-killer-beheading-video-story-top Bumper sales for United Kingdom retailers in November: ONS
Dec 14, 2017 - 18:12
Sales in the three months to November grew by just 1.0 percent compared with a year earlier, the weakest since May 2013. But home furnishings company Carpetright CPRC.L cut forecasts after warning of fragile consumer confidence.

isis-killer-beheading-video-story-top Samsung announces new Notebook 9 series powered by Windows 10
Dec 14, 2017 - 18:11
Samsung's next-generation premium notebooks have been announced ahead of the annual Consumer Electronics Show (CES). Joining the Pen version are the three aforementioned Notebook 9 2018 models, their weights ranging up to 2.84lbs.

isis-killer-beheading-video-story-top U.S. ready for talks with North Korea 'without preconditions', says Rex Tillerson
Dec 13, 2017 - 06:39
North Korea's pursuit of nuclear weapons technology has led to heavy US-led sanctions against the regime. And so we continue to indicate to them, we need a period of quiet .

isis-killer-beheading-video-story-top AAA: Gas prices drop to five-week lows
Dec 13, 2017 - 06:35
Test vehicles included a Ford Mustang GT, Jeep Renegade, Mazda MX-5 Miata, Cadillac Escalade ESV, Audi A-3, and Ford F150 XLT. AAA Northeast found in its weekly survey released Monday that the price of self-serve, regular is averaging $2.49 per gallon.

isis-killer-beheading-video-story-top Netflix Creepily Trolls 53 Fans Watching 'Christmas Prince', Twitter Claps Back
Dec 13, 2017 - 06:21
Check out what Netflix has on deck, including their original, " A Christmas Prince ", and so many more. -How many employees have access to people's viewing habits?

isis-killer-beheading-video-story-top Nintendo Switch Passes 10 Million in Worldwide Sales
Dec 13, 2017 - 06:21
It has been revealed that Nintendo sold more Nintendo Switch consoles in its first nine months than Wii U units in its lifetime . Being able to play on the big TV or the consoles in-built screen on the go, there are no home squabbles with this one.