Critical Infrastructure Targeted by Cyber Attack

Critical Infrastructure Targeted by Cyber Attack

cyber attack

This post is also available in: heעברית (Hebrew)

While cyber attacks often stay at the non-physical cyber world, some of them can attack industrial control systems and cause physical damage. It is suspected that hackers working for a nation-state recently invaded the safety system of a critical infrastructure facility in what experts call “a watershed attack” that halted plant operations.

The attack targeted Triconex industrial safety technology from Schneider Electric SE. The company issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.

Cybersecurity firm FireEye recently responded to an incident at a critical infrastructure organization where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. The attacker was developing the capability to cause physical damage and inadvertently shutdown operations.

This TRITON malware is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers, according to homelandsecuritynewswire.com.

The attacker gained remote access to an SIS engineering workstation and deployed the TRITON attack framework to reprogram the SIS controllers.

TRITON is one of a limited number of publicly identified malicious software families targeted at industrial control systems (ICS). It is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.