Triton, the world’s most murderous malware, targets industrial control systems (ICS). Triton is consistent with these attacks, in that it could prevent safety mechanisms from executing their intended function, resulting in a physical consequence.
In December 2017 it was reported that the safety systems of a petrochemical plant in Saudi Arabia power station were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted.
The computer security company Symantec claimed that the malware, known as “Triton”, exploited a vulnerability in computers running the Microsoft Windows operating system. The malware made it possible to take over these systems remotely.
Triton targets industrial control systems (ICS) and has the potential to cause severe disruption in any organization. It is designed to communicate with a specific type of ICS, namely Safety Instrumented Systems (SIS), and to deploy alternative logic to these devices, meaning they may not function correctly. The malware then injects code that modifies the behaviour of the SIS device.
The hackers behind Triton had tested elements of the code used during the intrusion to make it harder for antivirus programs to detect. Over the past couple of years, cybersecurity firms have been racing to deconstruct the malware and to find out who’s behind it.
Researchers are still digging into the malware’s origins, so more theories about who’s behind it may yet emerge. The hacking group’s identity is yet to be established with certainty.