Massive nation state malware attack shuts down industrial plant
16 December, 2017, 18:52 | Author: Lora Ball
Hackers utilizing the Triton malware have managed to close down industrial operations in the Middle East, researchers have warned.
Both Mandiant and Dragos say that the malware has already been used by hackers in at least one incident.
According to a report seen by Bleeping Computer before publication, the new TRITON malware was specifically built to interact with Triconex Safety Instrumented System (SIS) controllers. SIS controllers work by reading data from industrial equipment, such as factory machinery, robots, valves, and motors. Engineering workstations capable of programming SIS controllers should not be dual-homed to any other DCS process control or information system network.
The new Trojan, which Symantec researchers say has been active since at least September this year, was created to communicate with a specific type of industrial control system (ICS), namely safety instrumented systems (SIS) controllers produced by Triconex.
The attackers also likely performed advanced reconnaissance on their victim, which FireEye hasn't identified, because they knew it was using Triconex SIS controllers. By taking control of the SIS, hackers can destroy or damage the process it is monitoring by tricking it into thinking everything's normal, when in fact the process is operating at unsafe levels.
A December 14 post on FireEye's website said the malware, which it dubbed TRITON, had been deployed by an attacker to manipulate emergency shutdown capabilities for industrial processes at the facility.
FireEye said it has "not connected this activity to any actor we now track" regarding Triton; however, it assessed "with moderate confidence" that it was developed by "a nation state".
FireEye repeatedly points out in its report that the attackers were highly skilled and came prepared to wreak havoc.
According to the post, an attacker got access to an actual SIS engineering workstation (which was running Windows) before deploying the Triton malware.
Second, the malware included a mechanism to cover its tracks on SIS controllers and remove any clues the device was tampered with.
The Triton malware runs on Windows, but was created to interact with Triconex SIS controllers through an undocumented proprietary protocol that's used by the legitimate TriStation software application.
As for who's behind it, "We have not attributed the incident to a threat actor, though we believe the activity is consistent with a nation state preparing for an attack", researchers said in an analysis.
"Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency", the FireEye team said, hinting that this could have also been a live field test for a more sinister attack.
Stuxnet was one of the first indicators that such malware exists after the worm was used against industrial players in Iran in 2010, and in 2014, a South Korean nuclear facility was targeted.
In September, Symantec warned that a nation-state group named Dragonfly had ramped up operations against U.S. and European energy firms.