Blackout: Critical Infrastructure Attacks Will Soar in 2018, February 09, 2018, with comments by Satya Gupta

Triton malware infects Schneider Electric SIS

Attacks on industrial control systems (ICS) have already begun. The Triton (aka Trisis) attack, discovered in December 2017, targeted Schneider Electric’s Triconex Safety Instrumented System (SIS) and infected a critical Middle East infrastructure. The attack likely began with a social engineering and phishing ploy that tricked an employee into sharing logon credentials. The perpetrators then gained access to the system and planted malware in it.

View Schneider Electric presentation on YouTube

Why ICS infrastructures are vulnerable to attack

Critical infrastructures are particularly vulnerable to attackers because their systems are older, built on the security premise that IT and OT networks were “air-gapped”: separated from each other and from the Internet, which did not exist when most ICS came into being. Fast forward to modern times, where IT and OT networks have converged more than anyone anticipated and cloud services now give these systems online access, with real advantages and conveniences. But those same routes are also the pathways attackers now use to gain access.

Triton was discovered by security vendors FireEye and Dragos. The good news is that, in the end, the attackers did not achieve their intended objective, which may have been a reconnaissance mission. Instead, it appears they accidentally activated the safety system, which is designed to shut everything down once it detects something amiss. Quite the stroke of luck that the attackers inadvertently foiled their own plan.

"Reconnaissance, pivoting, and dwelling at length within networks are common strategies for advanced hackers," says Satya Gupta, chief technology officer at Virsec Systems, a supplier of application security systems. "Their goal certainly would have been bigger than to trip a relatively benign shutdown." Gupta went on to say, "Many legacy industrial control systems were designed with 'security by isolation.' However, with increasingly connected systems, isolation is hard to find, and it is not adequate as a security strategy."

“Air gap” security no longer a protection for ICS

Consequently, the former comfort of “air-gapped” systems is no longer pertinent in most cases; rather, the assumed air gap has become its own security gap. ICS organizations need to take immediate, proactive steps to protect the interactions between their IT and OT systems and to limit their exposure to the Internet.

At this year’s S4 Conference for the ICS industry, Schneider Electric gave a video presentation on the details of this attack. The details offered provide great insight into the nature of attacks such as these, as well as transparency into Schneider Electric’s own response to such situations.

