Hackers halt plant operations in landmark attack

"Compromising both the DCS and SIS system would enable the attacker to develop and carry out an attack that causes the maximum amount of damage allowed by the physical and mechanical safeguards in place".

"Never leave the front panel key position in the 'Program' mode when not actively configuring the controller", Schneider Electric wrote in an advisory.

The US government and private cyber-security firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea and the Russian Federation to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

The accidental outage was likely triggered by the Triconex SIS, or "safety instrumented system". Although the hackers were likely seeking the ability to cause physical damage inside the facility, the November shutdown was likely not deliberate.

Online attackers infiltrated a critical-infrastructure network, compromising systems and deploying malware designed to manipulate a system that could have shut down industrial processes, security firm FireEye warned in an advisory published on December 14. "Stuxnet" was reportedly used in 2010 by the USA and Israel to target Iran's nuclear program. In December of 2015 and again in December of last year, hackers breached security inside Ukrainian electric facilities and used their unauthorized access to cause power outages during one of the coldest months in Eastern Europe.

Triton is a specialised malware variant like Stuxnet and Industroyer and is used by hackers to target essential systems at critical infrastructure organisations.

To ensure the safety of those employed by critical infrastructure organisations and to prevent physical after-effects of any cyber-attack on such an organisation, the researchers are asking asset owners to follow a number of recommendations.

"The investigation found that the SIS controllers initiated a safe shutdown when application code between redundant processing units failed a validation check - resulting in an MP diagnostic failure message", FireEye says. The malware also had the capability to communicate with Triconex SIS controllers and remotely reprogram them with an attacker-defined payload.

"If the process exceeds the parameters that define a hazardous state, the SIS attempts to bring the process back into a safe state or automatically performs a safe shutdown of the process".

The failure occurred during the time period when TRITON was used.

"The attacker deployed TRITON shortly after gaining access to the SIS system, indicating that they had pre-built and tested the tool which would require access to hardware and software that is not widely available". This suggests the attacker was intent on causing a specific outcome beyond a process shutdown.

'Industrial companies, with operations at risk, should look to proven technologies that leverage artificial intelligence and machine learning to continuously monitor industrial controls systems networks for anomalies that detect and mitigate possible attacks that could cause harm to the industrial control systems,' he added.

According to FireEye, the hackers behind the malware are likely state-sponsored. The researchers based that assessment on the targeting of critical infrastructure, the persistence of the attackers, the lack of a financial reward, and the technical resources needed to make the malware work. Researchers at antivirus provider Symantec also provided a brief analysis here.
