
Cyber experts identify new malware targeting critical infrastructure

16 December 2017

"Mandiant recently responded to an incident at a critical infrastructure organization where an attacker deployed malware created to manipulate industrial safety systems", Mandiant researchers wrote. FireEye was able to "assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shutdown operations". This malware is reportedly an attack framework built to interact with certain industrial controllers, crippling safety features and potentially causing a physical system failure. Mandiant's investigators think the attackers meant to use the breach to cause damage to the plant.

FireEye said it has "not connected this activity to any actor we now track" regarding Triton; however, it assessed "with moderate confidence" that the malware was developed by "a nation state". Since the "Stuxnet" virus was used against Iranian nuclear power plants in 2010, fewer than five such malware families have become known.

Both Mandiant and Dragos say that the malware has already been used by hackers in at least one incident.


Triton appears to have targeted a so-called safety instrumented system, or SIS, which monitors the operation of a physical process using sensors and acoustics.

According to the post, an attacker gained access to an actual SIS engineering workstation (which was running Windows) before deploying the Triton malware. In the past decade, SIS and DCS (distributed control system) environments have become increasingly integrated for ease of use and cost savings.

To ensure the safety of those employed by critical infrastructure organisations, and to prevent the physical after-effects of any cyber-attack on such an organisation, the researchers are asking asset owners to follow a number of recommendations. According to FireEye, the hackers behind the malware are likely state-sponsored: building it would require access to hardware and software that is not widely available to the average cybercrime group.


They also likely performed advanced reconnaissance on their victim, which FireEye hasn't identified, because they knew it was using Triconex SIS controllers. "The attacker could have caused a process shutdown by issuing a halt command or intentionally uploading flawed code to the SIS controller to cause it to fail", FireEye researchers said. Instead, the attackers attempted to write functional control logic that they hoped would remain undetected, which suggests they had a longer-term goal.

A nation-state may be behind the effort to "cause physical damage" to critical infrastructure, security firm FireEye said in a Thursday report.

"Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency", the FireEye team said, hinting that this could have also been a live field test for a more sinister attack.


Dragos Inc. founder Rob Lee told Wired that he doesn't expect this particular method of attack to show up in North America or Europe, "but the adversary has created a blueprint to go after safety systems".
