Triton – The Deadly New Industrial Cyberweapon
The lines between the digital and the physical world are becoming increasingly intertwined and the effects of viruses and malware which have previously been confined to cyberspace are now having physical consequences in the real world.
Triton is the ‘new kid’ on the malware block. It was first spotted in 2017 when it was used against a petrochemical plant owned by Tasnee in Saudi Arabia[i]. Also known as Trisis, it has been engineered to target a specific type of industrial control system (ICS), namely the Triconex safety instrumented systems (SIS) controllers developed by Schneider Electric.[ii]
The Triton malware is especially concerning as the sole purpose of the code is to, via these SIS systems, cause process shutdowns and tamper with emergency controls – in particular the failsafe functions that prevent catastrophic industrial accidents.
In this client briefing, our Cyber team outlines:
- how the Triton hackers operated in the case of the Tasnee Plant;
- industries that could be in the crosshairs and;
- pre-emptive measures that organisations can take today.
[i] Perlroth, N. and Krauss, C. (2018). A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try.. [online] Nytimes.com. Available at: https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html [Accessed 6 Jun. 2019].
[ii] Osborne, C. (2019). Triton hackers return with new, covert industrial attack | ZDNet. [online] ZDNet. Available at: https://www.zdnet.com/article/triton-hackers-return-with-new-industrial-attack/ [Accessed 6 Jun. 2019].
Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) arrange insurance and are not an insurer. Any statements concerning legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as legal advice, for which you should consult your own professional advisors. This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage.