After Middle East, Russia-backed Triton targeting American enterprises

Malware caused a shutdown of a regional petrochemical plant twice


Russia-backed Triton malware - that caused the shutdown of a petrochemical plant in Saudi Arabia twice in 2017 - is now aiming to compromise new targets outside the Middle East, especially in North America, according to a new report.

Maryland-headquartered Dragos, a firm that specialises in industrial cybersecurity, has collected evidence over the past year that Triton is searching for new targets, according to a report from the MIT Technology Review.

“Those behind Triton are now on the hunt for new victims in North America and in other parts of the world. The hacking group that built the malware and inserted it into the Saudi plant is using some of the same digital tradecraft to search for new targets.”

Triton gained access to the network of a Saudi plant in 2014 and caused shutdowns in June and August 2017. The intrusion was not made public until December 2017.

Malware is malicious software designed to disrupt a computer system or gain unauthorised access to it.

US-based cybersecurity firm FireEye has attributed the intrusion activities of Triton to a Russian government-owned technical research institute in Moscow.

At a time when enterprises are embedding connectivity in all kinds of machinery - through the industrial internet of things - Triton’s unearthing raises questions about the safety of critical and industrial infrastructure.

Industry experts call for the implementation of better security mechanisms to foil such attacks.

“Understanding industry best practices and internal mitigation strategies is invaluable to combating cyber attacks,” said Ziad Nasrallah, principal at the management and technology consulting firm Booz Allen Hamilton, adding that this includes proactive planning, integrating intelligence-driven threat detection, securing networks and databases, and conducting regular vulnerability scans.