Hackers shut down infrastructure safety system in attack: FireEye

(Reuters) – Hackers likely working for a nation-state recently penetrated the safety system of a critical infrastructure facility in an attack that caused operations to shut down, according to cyber security firm FireEye Inc, which said it investigated the incident.

FireEye declined to identify the victim or industry, citing client confidentiality. It said it went public to highlight the escalating threat from hackers who are developing increasingly sophisticated tools to disrupt or cause physical damage to critical infrastructure, which includes facilities such as energy, water, chemical and manufacturing plants.

The U.S. government and private cyber-security firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea and Russia to attack the companies that run such plants in what they say are primarily reconnaissance operations.

“We want to make sure that the broader industry is aware that there are attackers with the capability and interest in targeting those types of systems, so they can take better precautions to defend against such attacks,” said Dan Scali, a FireEye manager who led the investigation.

In the recent incident, hackers used sophisticated malware to take remote control of a workstation running a safety system from Schneider Electric SE, then sought to reprogram controllers used to monitor the plant for potential safety issues. During that incident, some of the controllers entered a fail-safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attacker’s actions inadvertently caused the shutdown while probing the system to learn how it worked, Scali said. The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers intended to launch an attack that disrupted or damaged the plant, he said.

Reuters was unable to identify the victim or determine how the shutdown had affected its operations. Representatives with Schneider Electric could not immediately be reached for comment.

FireEye said it had not identified the hackers, but believed they were working on behalf of a nation-state due to the sophistication of the campaign and its targeting of critical infrastructure.

The malware, which FireEye has dubbed Triton because it targets Schneider’s Triconex plant safety systems, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was discovered last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

FireEye said it had briefed the U.S. Department of Homeland Security on its findings. A DHS representative said he had no immediate comment on the matter.

Article source: Reuters
