Triton – Page 3 – WindowsTechs.com

Trisis masterminds have hacked U.S. industrial firms, new research claims

Posted on May 24, 2018 by Chris Bing

A group known for infecting a Saudi petrochemical plant with highly sophisticated industrial control malware has targeted the same type of systems inside the United States, according to new research by ICS-focused cybersecurity startup Dragos. The group behind the malware, which Dragos refers to as “Xenotime,” has expanded their operations to include attacks on multiple undisclosed U.S. companies. The malware shows similarities to what’s commonly known as Trisis, which was used in an attack last year in Saudi Arabia. While Trisis exploited one particular industrial control system, researchers say a new variant impacts a variety of safety instrumented systems. Safety instrumented systems, or SIS for short, are hardware and software controls that protect large-scale industrial processes and equipment typically found in nuclear, petrochemical or manufacturing plants. There are few companies who create and manage SIS systems, including but not limited to St. Louis-based Emerson, New Jersey-based Honeywell, and Tokyo-based Yokogawa. Dragos has […]

The post Trisis masterminds have hacked U.S. industrial firms, new research claims appeared first on Cyberscoop.

Continue reading Trisis masterminds have hacked U.S. industrial firms, new research claims→

Schneider Electric Patches Critical RCE Vulnerability

Posted on May 2, 2018 by Lindsey O'Donnell

Researchers found a critical remote code execution vulnerability afflicting two Schneider Electric products that could give attackers to disrupt or shut down plant operations.
Continue reading Schneider Electric Patches Critical RCE Vulnerability→

Use of ‘StegWare’ Increases in Stealth Malware Attacks

Posted on April 19, 2018 by Tom Spring

Researchers are warning malware payloads can bypass traditional AV protection when delivered buried inside images, documents or even just a pixel. Continue reading Use of ‘StegWare’ Increases in Stealth Malware Attacks→

Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities

Posted on March 20, 2018 by Lindsey O'Donnell

Dewan Chowdhury, founder of MalCrawler, talks at SAS about the risks that companies face when securing their industrial control systems and robotics. Continue reading Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities→

FireEye’s Marina Krotofil On Triton and ICS Threats

Posted on March 12, 2018 by Lindsey O'Donnell

At the Security Analyst Summit this year in Cancun, FireEye’s Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems. Continue reading FireEye’s Marina Krotofil On Triton and ICS Threats→

Triton Malware Exploited Zero-Day Flaw in Schneider Electric Safety Controllers

Posted on January 22, 2018 by Lucian Constantin

Schneider Electric has confirmed that a recently uncovered malware program that was used to attack industrial infrastructure exploited a vulnerability in its Triconex safety controllers. The malware, dubbed Triton, was uncovered in December by research… Continue reading Triton Malware Exploited Zero-Day Flaw in Schneider Electric Safety Controllers→

Triton Malware Exploited Zero-Day Flaw in Schneider Electric Safety Controllers

Posted on January 22, 2018 by Lucian Constantin

Schneider Electric: Trisis leveraged zero-day flaw, used a RAT

Posted on January 18, 2018 by Chris Bing

Multinational energy technology company Schneider Electric revealed new details Thursday about a historic breach where hackers were able to halt operations at an energy plant in the Middle East by deploying highly sophisticated malware. The latest revelations, which were publicly announced at an industrial control systems cybersecurity conference, show that Trisis leveraged a zero-day vulnerability in Schneider Electric’s Triconex Tricon safety-controller firmware. The vulnerability allowed for privilege escalation, which would allow hackers to manipulate emergency shutdown systems during a targeted attack. In addition, there was a remote access trojan (RAT) within Trisis, providing attackers with a wide array of options, including the ability to turn off industrial equipment or sabotage the safety controllers in order to create unsafe conditions. The RAT is the first designed to specifically impact safety-instrumented systems, allowing for someone to access the highest privileges available on a targeted machine. In this case, the RAT was injected directly into […]

The post Schneider Electric: Trisis leveraged zero-day flaw, used a RAT appeared first on Cyberscoop.

Continue reading Schneider Electric: Trisis leveraged zero-day flaw, used a RAT→

Trisis has mistakenly been released on the open internet

Posted on January 16, 2018 by Chris Bing

An elite, government authored cyberweapon has been sitting online in public view for nearly anyone to copy since Dec. 22 because multinational energy technology company Schneider Electric mistakenly posted a sensitive computer file to VirusTotal, three sources familiar with the matter told CyberScoop. Schneider Electric obtained the file in question, titled “Library.zip,” after collecting evidence during a data breach investigation in the Middle East that focused on an incident at an oil and gas refinery. Library.zip holds the backbone of a dangerous malware framework known as “Trisis” or “Triton,” according to research by U.S. cybersecurity companies Dragos Inc. and FireEye. The upload to VirusTotal, a public malware repository, provided the remaining puzzle piece needed for someone to reconstruct Trisis from publicly available artifacts. After being posted to VirusTotal, Library.zip proliferated — it was picked up and re-uploaded to various platforms, including GitHub and VirusTotal. Experts say the unique malware was carefully designed to manipulate […]

The post Trisis has mistakenly been released on the open internet appeared first on Cyberscoop.

Continue reading Trisis has mistakenly been released on the open internet→

Trisis has the security world spooked, stumped and searching for answers

Posted on January 16, 2018 by Chris Bing

At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the world. They had no idea that the code carried the most dangerous industrial malware on the planet. More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the perpetrators planted inside a nondescript Saudi computer network. It’s a rare case involving a computer virus specially engineered to sabotage industrial control systems (ICS) — the gear that keeps factories and refineries running. Manipulating these systems can have a destructive impact far beyond the network. Today, the incident’s magnitude and implications are […]

The post Trisis has the security world spooked, stumped and searching for answers appeared first on Cyberscoop.

Continue reading Trisis has the security world spooked, stumped and searching for answers→