Building a sound security strategy for an energy sector company

As more and more attacks against companies working in the energy sector become public, it is becoming increasingly clear that those systems are far from impermeable. And it’s not just state-sponsored attackers that are looking for a way in: oppor…

Schneider Electric Patches Critical RCE Vulnerability

Researchers found a critical remote code execution vulnerability affecting two Schneider Electric products that could allow attackers to disrupt or shut down plant operations.

Schneider Electric: Trisis leveraged zero-day flaw, used a RAT

Multinational energy technology company Schneider Electric revealed new details Thursday about a historic breach where hackers were able to halt operations at an energy plant in the Middle East by deploying highly sophisticated malware. The latest revelations, which were publicly announced at an industrial control systems cybersecurity conference, show that Trisis leveraged a zero-day vulnerability in Schneider Electric’s Triconex Tricon safety-controller firmware. The vulnerability allowed for privilege escalation, which would allow hackers to manipulate emergency shutdown systems during a targeted attack. In addition, there was a remote access trojan (RAT) within Trisis, providing attackers with a wide array of options, including the ability to turn off industrial equipment or sabotage the safety controllers in order to create unsafe conditions. The RAT is the first designed to specifically impact safety-instrumented systems, allowing for someone to access the highest privileges available on a targeted machine. In this case, the RAT was injected directly into […]

The post Schneider Electric: Trisis leveraged zero-day flaw, used a RAT appeared first on Cyberscoop.


Trisis has mistakenly been released on the open internet

An elite, government authored cyberweapon has been sitting online in public view for nearly anyone to copy since Dec. 22 because multinational energy technology company Schneider Electric mistakenly posted a sensitive computer file to VirusTotal, three sources familiar with the matter told CyberScoop. Schneider Electric obtained the file in question, titled “Library.zip,” after collecting evidence during a data breach investigation in the Middle East that focused on an incident at an oil and gas refinery. Library.zip holds the backbone of a dangerous malware framework known as “Trisis” or “Triton,” according to research by U.S. cybersecurity companies Dragos Inc. and FireEye. The upload to VirusTotal, a public malware repository, provided the remaining puzzle piece needed for someone to reconstruct Trisis from publicly available artifacts. After being posted to VirusTotal, Library.zip proliferated — it was picked up and re-uploaded to various platforms, including GitHub and VirusTotal. Experts say the unique malware was carefully designed to manipulate […]

The post Trisis has mistakenly been released on the open internet appeared first on Cyberscoop.


Trisis has the security world spooked, stumped and searching for answers

At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the world. They had no idea that the code carried the most dangerous industrial malware on the planet. More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the perpetrators planted inside a nondescript Saudi computer network. It’s a rare case involving a computer virus specially engineered to sabotage industrial control systems (ICS) — the gear that keeps factories and refineries running. Manipulating these systems can have a destructive impact far beyond the network. Today, the incident’s magnitude and implications are […]

The post Trisis has the security world spooked, stumped and searching for answers appeared first on Cyberscoop.


Attackers disrupt plant operations with ICS-tailored malware

Security researchers from FireEye and Dragos have analyzed and detailed a new piece of malware targeting industrial control systems (ICS). Dubbed “TRITON” and “TRISIS” by the two groups of researchers, the malware was discovered…

Triton Malware Targets Industrial Control Systems in Middle East

Malware intended for a “high-impact” attack against safety systems likely would have caused physical damage to a targeted company located in the Middle East.

Siemens Patches Critical Intel AMT Flaw in Industrial Products

Siemens patched a recently disclosed vulnerability pertaining to systems with specific Intel processors. If exploited, the flaw could let an attacker gain system privileges.

Will most security operations transition to the cloud?

Companies across industries are increasingly leveraging the cloud for security applications, with 42 percent indicating they currently run security applications in the cloud and 45 percent stating they are likely or extremely likely to transition security operations to the cloud in the future, according to Schneider Electric. Organizations utilize the cloud for existing applications including data storage, human resources, email and security, and are eager …