
Researchers Find Malware Targeting Industrial Systems

By Jason Manteiga | January 4, 2018 (updated June 9th, 2022) | Cybersecurity

In the malware ecosystem, few strains are more alarming than those that target industrial control systems. Think Stuxnet, Industroyer and IronGate. Recently, security researchers from FireEye identified a new threat in this class. Called “Triton” or “TRISIS,” depending on which research team is reporting it, the malware targets Triconex Safety Instrumented System (SIS) controllers manufactured by Schneider Electric. An SIS is not the controller that runs an industrial process; it is the independent safety layer that watches the process and automatically trips equipment into a safe state when pressure, temperature or other parameters leave their safe limits. These controllers are found in refineries, chemical plants, power generation and a wide range of other facilities. They are, in effect, the last line of defense between a process upset and a physical catastrophe.

So far, FireEye’s evidence points to at least one attack carried out with this malware, most likely by a state-sponsored actor, although neither the target nor the group responsible has been publicly identified. All that has been confirmed is that the attack was launched against an industrial facility in the Middle East.

The malware speaks the TriStation protocol, the proprietary protocol that Schneider Electric’s TriStation engineering software uses to program and communicate with Triconex SIS controllers. There is no public documentation for the protocol, which strongly suggests that the malware’s developers reverse engineered it, and that they had access to real Triconex hardware and software to test against.

A spokesman for FireEye had this to say about the code in general and the recent attack:

“The attacker gained remote access to an SIS engineering workstation and deployed the Triton attack framework to reprogram the SIS controllers. During the incident, some SIS controllers entered a failed safe state, which automatically shut down the industrial process and prompted the asset owner to initiate an investigation.

The attacker deployed Triton shortly after gaining access to the SIS system, indicating that they had pre-built and tested the tool, which would require access to hardware and software that is not widely available.”
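The attack chain described above has a narrow, observable choke point: the only thing that should ever speak TriStation to a safety controller is an authorized engineering workstation, and only during an approved change window. The following Python is an added illustration of that check and is not code from the original post or from FireEye. It assumes, beyond what the page states, that TriStation runs over UDP port 1502 (the port the TriStation listener uses), and the flow records, host addresses and change window are all constructed, hypothetical values.

```python
"""Flag TriStation traffic that does not fit the expected
engineering-workstation -> SIS-controller pattern.

Added example, not from the original post or from FireEye.
Assumptions not stated on the page: TriStation listens on UDP/1502;
the inventory, change window and flow records below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

TRISTATION_UDP_PORT = 1502  # assumption: TriStation listener port

# Constructed inventory (hypothetical addresses).
SIS_CONTROLLERS = {"10.10.5.11", "10.10.5.12"}
ENGINEERING_WORKSTATIONS = {"10.10.1.20"}
# Hypothetical approved change window, hours in UTC [start, end).
CHANGE_WINDOW = (8, 17)

# Constructed flow records in a simplified tab-separated form:
# ts  src  sport  dst  dport  proto
SAMPLE_FLOWS = """\
1514973600.000\t10.10.1.20\t50231\t10.10.5.11\t1502\tudp
1514973605.000\t10.10.1.20\t50232\t10.10.5.12\t1502\tudp
1514973610.000\t10.10.2.7\t40100\t10.10.5.11\t1502\tudp
1514973615.000\t10.10.3.30\t44010\t10.10.5.11\t502\ttcp
1515024000.000\t10.10.1.20\t50500\t10.10.5.12\t1502\tudp
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str


def parse_flows(text):
    """Yield (ts, src, sport, dst, dport, proto) tuples from the records."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto = line.split("\t")
        yield float(ts), src, int(sport), dst, int(dport), proto


def is_tristation(dst, dport, proto):
    """True when the flow is UDP/1502 to a known SIS controller."""
    return proto == "udp" and dport == TRISTATION_UDP_PORT and dst in SIS_CONTROLLERS


def in_change_window(ts):
    """True when the UTC hour of ts falls inside the approved window."""
    hour = datetime.fromtimestamp(ts, tz=timezone.utc).hour
    start, end = CHANGE_WINDOW
    return start <= hour < end


def detect(text, workstations=ENGINEERING_WORKSTATIONS):
    """Return one Alert per TriStation flow that breaks a rule.

    Rule 1: TriStation from any host that is not an engineering workstation.
    Rule 2: TriStation from an engineering workstation outside the window.
    The attacker in the incident used the workstation itself, so rule 1
    alone is not enough; rule 2 is what catches off-hours reprogramming.
    """
    alerts = []
    for ts, src, _sport, dst, dport, proto in parse_flows(text):
        if not is_tristation(dst, dport, proto):
            continue
        when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        if src not in workstations:
            alerts.append(Alert(when, src, dst, "tristation_from_unexpected_source"))
        elif not in_change_window(ts):
            alerts.append(Alert(when, src, dst, "tristation_outside_change_window"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Run against the constructed flows, this yields two alerts: the UDP/1502 flow from 10.10.2.7, which is not an engineering workstation, and the flow from the legitimate workstation at 00:00 UTC, outside the change window. The Modbus flow on TCP/502 is ignored because it is not TriStation. Network monitoring of this kind is a detective control only; the preventive control is keeping the Triconex key switch out of PROGRAM mode except during supervised changes, so that TriStation reprogramming is physically impossible the rest of the time.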

The real danger of malware like this is that it can reprogram the safety controller itself, so that the system built to trip the process when equipment runs beyond safe operating limits either fails to trip or does whatever the attacker chooses. With the safety layer compromised, a process upset that would normally end in an orderly shutdown can instead end in physical damage to critical infrastructure. In this incident the tampering happened to push some controllers into a fail-safe shutdown, which is what exposed the intrusion; a more careful attacker would not have been so lucky for the defenders.

If deployed against a power station, for instance, it could result in widespread blackouts. If deployed against a nuclear installation, it could disable the protections that stand between a fault and a meltdown.

Threats like these are becoming more common, and with safety and process controllers deployed at industrial sites all over the world, it’s only a matter of time before attackers succeed at hitting closer to home.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has appeared on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and the Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s Degree in Information Systems from the New Jersey Institute of Technology. He also holds Microsoft MCSE, VMware VCP and Cisco CCNA certifications. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.