A highly capable malware reportedly used in a failed plot to blow up a Saudi petrochemical plant has now been linked to a second compromised plant
FireEye researchers say the unnamed ‘critical infrastructure’ facility was the latest victim of the powerful Triton malware, the umbrella term for a series of malicious custom components used to launch directed attacks.
Triton, previously linked to the Russian government, is designed to burrow into the networks of a target and sabotage their industrial control systems, often used in power plants and oil refineries to control the facility’s operations. By compromising these controls, a successful attack can cause significant disruption–including destruction.
Commenting on this, Israel Barak, CISO at Cybereason said, “Threat actors moving deliberately and stealthy for months if not years have one goal in mind and that’s not getting caught. This latest attack is not likely being carried out by amateurs. In general, risks to critical infrastructure such as industrial control systems can actually be minimised and managed.”
“However, threats against this industry, in particular, will never be completely eradicated. Cybereason’s 2018 ICS honeypot enabled us to observe threat actors attacking networks in this industry and what we learned is invaluable. Overall, threats to critical infrastructure is something that security products and practitioners are very good at combating. By paying attention to hygiene and best practices, companies running ICS can greatly reduce their risk despite the threats they face,” he added.
“However, most countries are still vulnerable to cyber-attacks on critical infrastructure because the systems are generally old and poorly patched. Power grids are interconnected and thus vulnerable to cascading failures. If an attacker knows which substation to take offline or cause a surge in, they can take down significant portions of the grid without conducting a large number of intrusions,” he further added.
“Beyond power generation, there are significant localised effects a hacker can create by going after sewage/water treatment, industrial chemical production, or the transportation system. Again, diligence, persistence and improved security hygiene can greatly reduce risks,” he concluded.
