Security researchers recently found a new malware variant that can target industrial safety equipment. It was specifically built to communicate with the controllers of Triconex Safety Instrumented System. They work simply by reading the data stream from multiple industrial tools like factory machinery, valves, motors etc. and the work happening in a special parameter. If there is any deviation from the predefined margin, then the controllers sense a mess and take adequate action to protect the lives of workers and work process.
Triconex targeted by Triton
According to extensive research, Triton malware looks exactly like a genuine Triconex SIS controller software for Windows. This malware hidden inside the software records the configuration found on the infected workstation, identify the controllers and deploy certain payloads. These payloads are instructed to stop the production process or allow the machinery to work in unsafe mode resulting in physical damage.
The malware targets critical infrastructure and lacks monetary motifs. The technological resources required to compromise the infrastructure does not reveal the criminals’ identities and their origin.
Triton is nothing but an advanced coding
The report confirms that the attackers were skilled enough and planned to wreak havoc. They deployed Triton just after getting access to the controllers. This proves that the malware was pre-tested before inflicting the damage. In addition, the malware had a mechanism to remove its entire device tampering clues. The workstation which got infected had an isolated network and that might have helped the criminals to break through with ease.
This attack targets the crucial industrial infrastructure just to degrade or destroy the systems carried out globally. These attacks can remain undetected on several occasions.
eScan users are protected from this threat and they are advised to regularly update the AV Signatures and Product updates as and when available just to protect their digital environment from such attacks.
