Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes.
For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants. Now researchers at Mandiant, which is part of the security firm FireEye, have revealed that a new form of malware, dubbed Triton, closed down the operations of a business in the Middle East belonging to Schneider Electric, a French company. The researchers say that they haven’t attributed the hack to a particular attacker, but they do say it bore hallmarks of threats from a nation-state.
Triton appears to have targeted a so-called safety instrumented system, or SIS, which monitors the operation of a physical process using sensors and acoustics. By taking control of it, hackers can destroy or damage the process the SIS is monitoring by tricking it into thinking everything’s normal, when in fact the process is operating at unsafe levels.
In Schneider Electric’s case, hackers were able to compromise an SIS workstation. Mandiant’s investigators think they intended to use the breach to cause damage to the plant. But they inadvertently triggered a shutdown of the industrial process, which led managers at the facility to launch an investigation that revealed the breach.
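The two failure modes above (an SIS fed false "normal" readings, and an unexplained trip) can both be caught by cross-checking the SIS against a channel it cannot write to. The following is an added illustration, not code from the article or from any vendor; the process variables, trip limits and sample readings are constructed for a hypothetical pressure vessel.

```python
from dataclasses import dataclass

# Hypothetical trip limits for a constructed pressure-vessel example (bar, degrees C).
PRESSURE_TRIP = 50.0
TEMP_TRIP = 180.0
DIVERGENCE_TOL = 2.0  # largest acceptable gap between SIS-seen and independent readings


@dataclass
class Sample:
    ts: int
    sis_status: str       # status the SIS workstation reports: "normal" or "tripped"
    sis_pressure: float   # process values as the SIS sees them
    sis_temp: float
    ind_pressure: float   # same variables from an independent channel the SIS cannot alter
    ind_temp: float


def is_unsafe(pressure: float, temp: float) -> bool:
    """True when either variable exceeds its trip limit."""
    return pressure > PRESSURE_TRIP or temp > TEMP_TRIP


def check_sample(s: Sample) -> list[str]:
    """Cross-check one sample; returns alert strings, empty when everything is consistent."""
    alerts = []
    if (abs(s.sis_pressure - s.ind_pressure) > DIVERGENCE_TOL
            or abs(s.sis_temp - s.ind_temp) > DIVERGENCE_TOL):
        alerts.append(f"t={s.ts}: SIS readings diverge from independent channel")
    unsafe = is_unsafe(s.ind_pressure, s.ind_temp)
    if unsafe and s.sis_status == "normal":
        alerts.append(f"t={s.ts}: independent channel is unsafe but SIS reports normal")
    if not unsafe and s.sis_status == "tripped":
        alerts.append(f"t={s.ts}: SIS tripped with no unsafe condition; check the workstation")
    return alerts


def monitor(samples: list[Sample]) -> list[str]:
    """Run the cross-check over a series of samples and collect every alert."""
    out = []
    for s in samples:
        out.extend(check_sample(s))
    return out


# Constructed samples: healthy, spoofed-normal, and an unexplained trip.
SAMPLES = [
    Sample(1, "normal", 40.0, 150.0, 40.2, 150.1),
    Sample(2, "normal", 40.0, 150.0, 58.0, 151.0),
    Sample(3, "tripped", 30.0, 140.0, 30.0, 140.0),
]

if __name__ == "__main__":
    for line in monitor(SAMPLES):
        print(line)
```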
The latest incident follows others that have underlined the vulnerability to cyberattack of factories and critical infrastructure. In 2010, malware known as Stuxnet infected multiple sites in Iran, in one case destroying centrifuges at a uranium enrichment plant. Last year, an attack on Ukraine’s power grid using malware called Industroyer plunged a large chunk of the country’s capital, Kiev, into darkness (see “A Hack Used to Plunge Ukraine into Darkness Could Still Do Way More Damage”).
The growing threat of such attacks prompted the U.S. Computer Emergency Readiness Team, which operates under the auspices of the Department of Homeland Security and the FBI, to issue a strongly worded alert in October about the risks to numerous sectors, from nuclear power to water and aviation. Some researchers say Triton has been active since September, so it’s possible that its emergence triggered the US-CERT warning.
A study published earlier this year by MIT’s Center for International Studies noted that the pressure to make older equipment in many power plants and other facilities compatible with next-generation Internet-connected hardware has made matters worse. The rush to hook up legacy systems to the Web can leave them vulnerable to attack (see “Patching the Electric Grid”).
It could also leave companies vulnerable to huge lawsuits. “Triton underscores the need for factories and utilities to ... rethink their control and cyberdefense strategies,” said Creighton Magid, a lawyer at Dorsey & Whitney, in an e-mailed statement about the new hack. “The laggards are going to face huge financial risks.”