Inside Triton, the World’s “Most Murderous” Malware

Author: Charles Egli

Created: Thursday, March 7, 2019 - 13:44

Categories: Cybersecurity

An article from the MIT Technology Review on Triton malware includes commentary from Julian Gutmanis, a cybersecurity consultant who was hired by a petrochemical plant in Saudi Arabia to assist with the response to a cyber attack on its system by the malware. Triton is unique among malware targeting industrial control systems because it seeks to compromise safety instrumented systems, which keep operations running at safe levels and can shut down systems altogether to prevent life-threatening disasters.

Gutmanis recalls that dealing with the malware at the plant, which had been restarted after a second incident, was a nerve-racking experience. “We knew that we couldn’t rely on the integrity of the safety systems,” he says. “It was about as bad as it could get.”

Andrew Kling, an executive with Schneider Electric (the vendor of the systems hacked by Triton), says an important lesson from Triton’s discovery is that industrial companies and equipment manufacturers need to focus even more on areas that may seem like highly unlikely targets for hackers but could cause disaster if compromised. These include software applications that are rarely used and older protocols that govern machine-to-machine communication. “You may think nobody’s ever going to bother breaking [an] obscure protocol that’s not even documented,” Kling says, “but you need to ask, what are the consequences if they do?”

Read the article at MIT Technology Review.
