Hackers likely working for a nation-state recently penetrated the safety system of a critical infrastructure facility in an attack that caused operations to shut down, according to cyber security firm FireEye Inc, which said it investigated the incident.
FireEye experts have spotted a dangerous new piece of malware, now known as Triton or Trisis.
A December 14 post on FireEye's website said the malware, which it dubbed TRITON, had been deployed by an attacker to manipulate emergency shutdown capabilities for industrial processes at the facility.
Researchers at FireEye said that they could assess with moderate confidence that hackers behind the latest cyber-attack on Schneider Electric SE were state-sponsored.
The company didn't identify the attacker that unleashed TRITON, but it said the activity was "consistent with a nation state preparing for an attack".
Triton is a rare piece of malware that, like the infamous Stuxnet worm which sabotaged Iran's nuclear program, is capable of reprogramming industrial controllers.
"The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check - resulting in an MP diagnostic failure message", the post said.
"If the process exceeds the parameters that define a hazardous state, the SIS attempts to bring the process back into a safe state or automatically performs a safe shutdown of the process".
Hackers have been spotted attempting to manipulate critical industrial safety systems to cause physical damage. In the past decade, the SIS and DCS environments have become increasingly integrated for ease of use and cost savings.
While there is still no reliable information on which specific factory Triton has compromised, or even in which country it appeared, it is clear that its primary target is Triconex products developed by the well-known Schneider Electric company.
Compromising a safety system could let hackers shut it down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said. This means the attackers had access to specialized hardware and software that's not widely available, which allowed them to reverse-engineer the protocol. Safety instrumented systems protect humans from physical harm, chemical leaks or explosions.
The researchers also asked asset owners to monitor ICS network traffic for unexpected communication flows and to implement strict access control and application whitelisting on any server or workstation endpoints that can reach the SIS system. Instead, they attempted to write functional control logic that they hoped would remain undetected, which suggests they had a longer-term goal.
"Intrusions of this nature do not necessarily indicate an immediate intent to disrupt targeted systems, and may be preparation for a contingency". It has to be modified for each victim, because industrial safety systems can be unique and exploiting them requires understanding the processes they control, Dragos said.
SIS controllers are special equipment installed in production lines and other industrial setups. These usually take the form of switches controlled by a physical key.
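The recommendation above to monitor ICS network traffic for unexpected communication flows can be implemented as a baseline check on flow records that cross the SIS zone boundary. The following is an added example, not code from FireEye or the original article; the subnet, hosts, ports and flow records are all constructed for illustration, and each record is assumed to describe initiator to responder.

```python
import csv
import io
import ipaddress

# Constructed baseline (assumption): the SIS zone subnet and the only
# (source, protocol, destination port) flows expected to enter it.
SIS_ZONE = ipaddress.ip_network("10.20.30.0/24")
BASELINE = {
    ("10.20.10.5", "udp", 1502),  # engineering workstation (constructed)
    ("10.20.10.9", "tcp", 502),   # DCS gateway polling status (constructed)
}

# Constructed flow records; each row is initiator -> responder.
SAMPLE_FLOWS = """ts,src,dst,proto,dport
2017-12-01T02:10:00,10.20.10.5,10.20.30.11,udp,1502
2017-12-01T02:10:05,10.20.10.9,10.20.30.11,tcp,502
2017-12-01T02:11:00,10.20.10.77,10.20.30.11,udp,1502
2017-12-01T02:12:00,10.20.10.9,10.20.30.12,udp,1502
2017-12-01T02:13:00,10.20.30.11,192.0.2.50,tcp,443
2017-12-01T02:14:00,10.20.10.5,10.20.10.9,tcp,445
2017-12-01T02:15:00,not-an-ip,10.20.30.11,udp,1502
"""

def unexpected_sis_flows(flow_csv, zone=SIS_ZONE, baseline=BASELINE):
    """Return (timestamp, reason) for every flow that crosses the SIS zone
    boundary and is not in the baseline. Unparseable rows are reported too,
    so a malformed record cannot hide a flow."""
    known_sources = {src for src, _, _ in baseline}
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            key = (str(src), row["proto"].lower(), int(row["dport"]))
        except (KeyError, ValueError, TypeError, AttributeError):
            findings.append((row.get("ts"), "unparseable record"))
            continue
        if dst in zone and src not in zone and key not in baseline:
            reason = ("service not in baseline" if key[0] in known_sources
                      else "source not in baseline")
            findings.append((row["ts"], reason))
        elif src in zone and dst not in zone:
            findings.append((row["ts"], "SIS zone initiated outbound flow"))
    return findings

if __name__ == "__main__":
    for ts, reason in unexpected_sis_flows(SAMPLE_FLOWS):
        print(ts, reason)
```

Flows that stay entirely outside or entirely inside the zone are ignored, so the output is limited to boundary crossings an operator would need to explain.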