Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes.
For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants. Now researchers at Mandiant, which is part of the security firm FireEye, have revealed that a new form of malware, dubbed Triton, closed down the operations of a business in the Middle East belonging to Schneider Electric, a French company. The researchers say that they haven’t attributed the hack to a particular attacker, but they do say it bore hallmarks of threats from a nation-state.
Triton appears to have targeted a so-called safety instrumented system, or SIS, which monitors the operation of a physical process using sensors and acoustics. By taking control of it, hackers can destroy or damage the process the SIS is monitoring by tricking it into thinking everything’s normal, when in fact the process is operating at unsafe levels.