Hackers halt plant operations in landmark attack

"Compromising both the DCS and SIS system would enable the attacker to develop and carry out an attack that causes the maximum amount of damage allowed by the physical and mechanical safeguards in place".

"Never leave the front panel key position in the 'Program' mode when not actively configuring the controller", Schneider Electric wrote in an advisory.

The US government and private cyber-security firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea, the Russian Federation and others to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

The accidental outage was likely the result of the Triconex SIS, or "safety instrumented system". Although the hackers were likely seeking the ability to cause physical damage inside the facility, the November shutdown was likely not deliberate.

Online attackers infiltrated a critical-infrastructure network, compromising systems and deploying malware created to manipulate a system that could have shut down industrial processes, security firm FireEye warned in an advisory published on December 14. One, "Stuxnet", was reportedly utilized in 2010 by the USA and Israel to target Iran's nuclear program. In December of 2015 and again in December of last year, hackers breached security inside Ukrainian electric facilities and used their unauthorized access to cause power outages during one of the coldest months in Eastern Europe.

Triton is a specialised malware variant like Stuxnet and Industroyer and is used by hackers to target essential systems at critical infrastructure organisations.

To ensure the safety of those employed by critical infrastructure organisations and to prevent physical after-effects of any cyber-attack on such an organisation, the researchers are asking asset owners to follow a number of recommendations.

"The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check - resulting in an MP diagnostic failure message", FireEye says. The malware also had the capability to communicate with Triconex SIS controllers and remotely reprogram them with an attacker-defined payload.

"If the process exceeds the parameters that define a hazardous state, the SIS attempts to bring the process back into a safe state or automatically performs a safe shutdown of the process".

The failure occurred during the time period when TRITON was used.

"The attacker deployed TRITON shortly after gaining access to the SIS system, indicating that they had pre-built and tested the tool which would require access to hardware and software that is not widely available". This suggests the attacker was intent on causing a specific outcome beyond a process shutdown.

"Industrial companies, with operations at risk, should look to proven technologies that leverage artificial intelligence and machine learning to continuously monitor industrial control systems networks for anomalies that detect and mitigate possible attacks that could cause harm to the industrial control systems," he added.

According to FireEye, the hackers behind the malware are likely state-sponsored. The researchers based that assessment on the targeting of critical infrastructure, the persistence of the attackers, the lack of a financial reward, and the technical resources needed to make the malware work. Researchers at antivirus provider Symantec also provided a brief analysis.
