Critical infrastructure attacks are a concern for every nation and every citizen alike. A disruption to any of our major utilities, such as power, gas and water, could cripple entire metro areas here in the United States.
From IT to OT
The typical infrastructure attack unfolds as follows. The IT network is compromised through any of the usual attack vectors (phishing, spearphishing, an unpatched vulnerability, etc.). Once the attacker has control, they make their way over to the OT network and begin working toward some level of operational control capability.
From OT to SIS
In the latest twist on critical infrastructure vulnerability, FireEye is now reporting that hacking groups are using a sophisticated piece of malware known as Triton to move beyond the OT systems and into the SIS (Safety Instrumented System). This is a serious concern, since the attackers might be able to override or disable the safety warnings and protocols that would otherwise prevent potentially dangerous situations.
FireEye first reported on Triton in late 2017 after uncovering it as part of a sophisticated critical infrastructure attack. Triton has now been found again. Here is what FireEye reports:
“After establishing an initial foothold on the corporate network, the TRITON actor focused most of their effort on gaining access to the OT network. They did not exhibit activities commonly associated with espionage, such as using key loggers and screenshot grabbers, browsing files, and/or exfiltrating large amounts of information. Most of the attack tools they used were focused on network reconnaissance, lateral movement, and maintaining presence in the target environment.
The actor was present in the target networks for almost a year before gaining access to the Safety Instrumented System (SIS) engineering workstation. Throughout that period, they appeared to prioritize operational security.”
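The sequence described above (foothold on the corporate IT network, lateral movement and reconnaissance into the OT network, and finally access to the SIS engineering workstation) is something a defender can watch for at the network-zone boundaries. The following is an added example, not code from this post, from FireEye or from Konsultek: it runs three simple zone-crossing rules over constructed flow records. The zone map, the address of the SIS engineering workstation, the fan-out threshold and the flow records are all assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed zone map (assumed site layout, not from the post). A real
# deployment would load this from the asset inventory.
ZONES = [
    (ipaddress.ip_network("10.10.0.0/16"), "IT"),
    (ipaddress.ip_network("10.20.0.0/16"), "OT"),
    (ipaddress.ip_network("10.30.0.0/24"), "SIS"),
]
# Assumed (constructed) address of the SIS engineering workstation.
SIS_ENG_WORKSTATIONS = {"10.30.0.5"}
# A single source contacting this many distinct OT hosts is treated as
# network reconnaissance; the threshold is an assumption for the example.
FANOUT_THRESHOLD = 4

# Constructed flow records: "<timestamp> <src> <dst> <dst_port> <proto>"
SAMPLE_FLOWS = """\
2019-04-01T02:15:10Z 10.10.5.21 10.10.7.3 443 TCP
2019-04-01T02:16:42Z 10.10.5.21 10.20.1.7 445 TCP
2019-04-01T03:01:05Z 10.20.1.7 10.20.1.9 102 TCP
2019-04-01T03:01:06Z 10.20.1.7 10.20.1.10 102 TCP
2019-04-01T03:01:07Z 10.20.1.7 10.20.1.11 102 TCP
2019-04-01T03:01:08Z 10.20.1.7 10.20.1.12 102 TCP
2019-04-01T04:20:31Z 10.20.1.7 10.30.0.5 3389 TCP
2019-04-01T04:25:00Z 10.30.0.6 10.30.0.5 445 TCP
"""


def zone_of(ip):
    """Map an address to its zone name, or UNKNOWN if it is outside the map."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES:
        if addr in net:
            return zone
    return "UNKNOWN"


def parse_flows(text):
    """Parse the whitespace-separated flow format used by SAMPLE_FLOWS."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "port": int(port), "proto": proto})
    return flows


def detect(flows):
    """Return (rule, src, dst, port) alerts for zone-boundary crossings.

    IT_TO_OT          : an IT host initiates a connection into OT or SIS.
    SIS_ENG_WS_ACCESS : anything outside the SIS zone reaches the SIS
                        engineering workstation.
    OT_FANOUT         : one source touches many distinct OT hosts (recon).
    """
    alerts = []
    ot_targets = defaultdict(set)
    for f in flows:
        src_zone, dst_zone = zone_of(f["src"]), zone_of(f["dst"])
        if src_zone == "IT" and dst_zone in ("OT", "SIS"):
            alerts.append(("IT_TO_OT", f["src"], f["dst"], f["port"]))
        if f["dst"] in SIS_ENG_WORKSTATIONS and src_zone != "SIS":
            alerts.append(("SIS_ENG_WS_ACCESS", f["src"], f["dst"], f["port"]))
        if dst_zone == "OT":
            ot_targets[f["src"]].add(f["dst"])
    for src, targets in ot_targets.items():
        if len(targets) >= FANOUT_THRESHOLD:
            alerts.append(("OT_FANOUT", src,
                           f"{len(targets)} distinct OT hosts", None))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_flows(SAMPLE_FLOWS)):
        print(alert)
```

On the sample flows this raises one alert per stage of the sequence: the IT host 10.10.5.21 reaching into OT, the OT host 10.20.1.7 sweeping four OT peers, and the same OT host connecting to the SIS engineering workstation. The legitimate SIS-to-SIS connection in the last record produces nothing, which is the point of keying the workstation rule on the source zone rather than on the destination alone.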
Industrial Control Systems are Vulnerable
FireEye’s research indicates that the malicious actor deploying Triton and related tools has been operational since 2014, which leads to speculation that the number of affected (infected?) critical infrastructure networks could by this time be quite large. FireEye’s advice is that ICS asset owners should implement security solutions that focus on both detection and defense across their IT and OT Windows-based systems.
Konsultek Holistic Security Solutions
Konsultek specializes in holistic security solutions that detect, defend against and neutralize threat actors using cutting-edge technologies from the world’s leading security companies.
If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but also demonstrate the likelihood of a breach happening.