UPDATED 22:31 EDT / DECEMBER 14 2017


Triton malware targets oil and gas assets in the Middle East

A disturbing new form of malware that targets industrial equipment has been discovered in the wild in what may be a serious state-sponsored attack.

Dubbed “Triton” by researchers at FireEye Inc., the malware is said to have already shut down the operations of a critical infrastructure organization in the Middle East and is continuing to be deployed by those behind it. The name of the company wasn’t disclosed, but the malware is said to target equipment sold by Schneider Electric SE that is used in oil and gas facilities.

Schneider Electric specializes in energy management and automation solutions, spanning hardware, software and services. In particular, the malware was designed to disable Schneider’s Triconex product line. The webpage for Triconex describes the offering as “safety instrumented systems” that provide “solutions to protect people, the surrounding communities and the environment, while keeping production operating safely and continuously, throughout the life of your assets.”

FireEye notes in its report that the attacker’s targeting of Schneider’s SIS (safety instrumented system) suggests “an interest in causing a high-impact attack with physical consequences,” an “attack objective not typically seen from cyber-crime groups.” Put more simply, whoever is behind the attack was looking to cause physical harm rather than to gain some sort of financial return.

Who did it is complete speculation at this point, but given that it’s known that the attack occurred in the Middle East, there are some likely contenders for victim and attacker. Earlier this year, the Gulf States and Egypt cut off diplomatic relations with Qatar over the country’s alleged links to Iran. The “Qatar Diplomatic Crisis” remains ongoing, so it’s possible the attack involved countries party to the dispute.

With the Triton malware now in the wild, FireEye recommends that asset owners consider segregating safety system networks from process control and information system networks, leveraging hardware features that provide physical control of safety controllers, and taking a number of other steps to protect themselves from a Triton attack.

Photo: U.S. Navy/Wikimedia Commons
