Hackers shut down infrastructure safety system in attack: FireEye

(Reuters) – Hackers likely working for a nation-state recently penetrated the safety system of a critical infrastructure facility in an attack that caused operations to shut down, according to cyber security firm FireEye Inc, which said it investigated the incident.

FireEye declined to identify the victim or industry, citing client confidentiality. It said it went public to highlight the escalating threat from hackers who are developing increasingly sophisticated tools to disrupt or cause physical damage to critical infrastructure, which includes facilities such as energy, water, chemical and manufacturing plants.

The U.S. government and private cyber-security firms have issued public warnings over the past few years about attempts by hackers from Iran, North Korea, Russia and other nations to attack the companies that run such plants in what they say are primarily reconnaissance operations.

“We want to make sure that the broader industry is aware that there are attackers with the capability and interest in targeting those types of systems, so they can take better precautions to defend against such attacks,” said Dan Scali, a FireEye manager who led the investigation.

In the recent incident, hackers used sophisticated malware to take remote control of a workstation running a safety system from Schneider Electric SE, then sought to reprogram controllers used to monitor the plant for potential safety issues. During that incident, some of the controllers entered a fail-safe mode, which caused related processes to shut down and led the plant to identify the attack, FireEye said.

FireEye believes the attackers inadvertently caused the shutdown while probing the system to learn how it worked, Scali said. They were likely conducting reconnaissance to learn how to modify the safety systems so that these would not operate if the hackers later launched an attack that disrupted or damaged the plant, he said.

Reuters was unable to identify the victim or determine how the shutdown had affected its operations. Representatives with Schneider Electric could not immediately be reached for comment.

FireEye said it had not identified the hackers, but believed they were working on behalf of a nation state due to the sophistication of the campaign and its targeting of critical infrastructure.

The malware, which FireEye has dubbed Triton because it targets Schneider’s Triconex plant safety systems, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was discovered last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

FireEye said it had briefed the U.S. Department of Homeland Security on its findings. A DHS representative said he had no immediate comment on the matter.

Article source: Reuters
