How Triton Malware Targets Industrial Control Systems

Dragos' Sergio Caltagirone on 'Safety vs. Security'
Sergio Caltagirone, director of threat intelligence and analytics, Dragos

Industrial control systems run the technology used in advanced manufacturing, pharmaceuticals, electricity generation, oil and gas, power plants used by hospitals and much more.

Thankfully, these systems have been relatively immune to online attacks because every ICS environment is unique, meaning that attackers bent on crashing a local power grid or some other environment would need time, money and patience to study the network and determine how to disrupt it, says Caltagirone, director of threat intelligence and analytics at Dragos.

In addition, would-be attackers would have to contend with not only infiltrating operations systems, but also robust security systems designed to ensure that operational systems don't fail or do what they're not supposed to do.

"Unfortunately this fall, we found out that an oil and gas facility was attacked, and there was a live adversary with a piece of malware that is designed to disrupt and disable the safety systems," he says, referring to malware known as both Triton and Trisis (see How Malware Known as Triton Threatens Public Safety).

"We think they were using this piece of malware to manage the safety system, because what we think that they were going to do was then go back to the operations side and maybe over pressurize things - they can overheat things, things like that, and then the safety system wouldn't be able to stop it, and then you could have a catastrophic failure causing loss of life, damage to the environment. ... It would be a truly catastrophic event."

In a video interview at RSA Conference 2018, Caltagirone discusses:

  • Industrial and power grid security;
  • The "safety versus security" ethos that pervades the industry;
  • How industrial control systems often pop up in environments that might not think they have any.

Caltagirone is Dragos' director of threat intelligence and analytics. He's also technical director of the Global Emancipation Network, a not-for-profit organization employing data analytics to disrupt human trafficking operations. Previously, he served as director of threat intelligence for Microsoft and was one of the National Security Agency's first dedicated threat intelligence analysts and a founding member of the NSA/CSS Threat Operations Center - NTOC - responsible for finding, tracking, and countering sophisticated cyber threats.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
