In the summer of 2017, a petrochemical plant in Saudi Arabia experienced a worrisome security incident that cybersecurity experts consider to be the first-ever cyber attack carried out with “a blatant, flat-out intent to hurt people.” The attack involved a highly sophisticated new malware strain called Triton, which was capable of remotely disabling safety systems inside the plant with potentially catastrophic consequences.
Luckily, a flaw in the Triton code triggered a safety system that responded by shutting down the plant. If it hadn’t been for that flaw, the hackers could have released toxic hydrogen sulfide gas or caused explosions. As a result, employees of the plant and residents of the surrounding area could have been killed or injured.
Triton is almost certainly the work of state-backed hackers. While Iran was the initial suspect, later reports indicate that Russia may have been behind the attack, using spear phishing attacks to take over the network.
Since Triton was first discovered, cybersecurity firms have uncovered more attacks involving malware with similar traits, designed to take over safety systems. Triton has not been spotted in other potentially destructive attacks, but cybersecurity experts believe it is only a matter of time before the murderous malware will rear its ugly head again.
Full Article here in the MIT Technology Review: https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/
Find out what percentage of your employees are Phish-prone™
Would your users fall for spear phishing and other social engineering attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: