The hacking group Xenotime, reported to be behind intrusions targeting facilities in oil and gas industries, has started probing industrial control systems (ICSs) of power grids in the U.S. and the Asia-Pacific region.
Security researchers uncovered an additional intrusion by the threat actors behind 2017's TRITON malware, a dangerous and potentially destructive malware that targets the safety systems of industrial facilities.
A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth.
TRITON or TRISIS (detected by Trend Micro as TROJ_TRISIS.A) is a recently discovered malware that was designed to manipulate industrial safety systems and most notably was involved in shutting down an industrial plant’s operations.
Standard maintenance policies leave machinery vulnerable to attack. Both hardware and software are vulnerable when normal operations and security protocols are paused or switched to another mode so that updates or fixes can be applied.
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors, on quick and efficient bug discovery.