Critical Infrastructure (CI) Targeted Again and Again and Again
Critical infrastructure (CI) is one of the underlying backbones of our civilization. It supports virtually everything we are actively involved in. If you like having electricity for your electronics (e.g. computers, laptops, tablets, television, radio, etc.), fresh water, sewage leaving your home, etc., then a certain new malware sample should grab your attention.
Malware directed at the energy industry is not new. Dams in the US, nuclear power plants across the globe, and other CI industries have been attacked. The equipment used in these industries has also been targeted for its respective vulnerabilities.
The latest malware is an example of the latter. It targets the Triconex Safety Instrumented System (SIS) manufactured by Schneider Electric and has been named Triton or Trisis. This equipment is part of the industrial control system (ICS) for the utilities. It is designed to work autonomously, monitoring systems within the utility and shutting a system down if there is a safety issue. The malware was coded so that, when deployed against the vulnerability, it can read and write programs and functions and query the SIS controller. With the malware deployed, the attacker is able to modify the SIS logic so that it indicates an unsafe reading and shuts the system down when the system may be operating fine without an issue.
There would naturally be financial consequences for the utility. However, there may also be damage to the equipment and facility if this were reversed, with the SIS allowing unsafe conditions to continue unchecked.
CI and ICS systems will continue to be targeted as time passes. With an attack here, the result of the compromise would be a rather significant detriment.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.