Russia-backed Triton malware - that caused the shutdown of a petrochemical plant in Saudi Arabia twice in 2017 - is now aiming to compromise new targets outside the Middle East, especially in North America, according to a new report.
Maryland-headquartered Dragos, a firm that specialises in industrial cybersecurity, has collected evidence over the past year that Triton is searching for new targets, according to a report from the MIT Technology Review.
“Those behind Triton are now on the hunt for new victims in North America and in other parts of the world. The hacking group that built the malware and inserted it into the Saudi plant is using some of the same digital tradecraft to search new targets.”
Triton gained access to the network of a Saudi plant in 2014 and caused shutdowns in June and August 2017. However, it was made public in December 2017.
A malware is malicious software that is designed to disrupt or gain illegal access to a computer system.
US-based cybersecurity firm FireEye has attributed the intrusion activities of Triton to a Russian government-owned technical research institute in Moscow.
At a time when enterprises are implanting connectivity in all kinds of machinery - through the industrial internet of things - Triton’s unearthing raises questions about the safety of critical and industrial infrastructure.
Industry experts call for the implementation of better security mechanisms to foil such attacks.
“Understanding industry best practices and internal mitigation strategies is invaluable to combating cyber attacks,” said Ziad Nasrallah, principal at a management and technology consulting firm Booz Allen Hamilton, adding that this includes proactive planning, integrating intelligence-driven threat detection, securing networks and databases, and conducting regular vulnerability scans.
