Free trial

Triton Malware Attack

Industrial Control System (ICS) are everywhere, they are especially present in critical infrastructures and industrial sectors. They help monitoring complex industrial processes. Nuclear facilities, Power plants and Manufacturing are examples of industries in which ICS are heavily used. Medical equipment, smart car or smart houses are other examples where ICS are used by everyone in everyday life.

 Since 2005, attacks targeting Industrial Control System (ICS) are become more and more frequent. The impact of these attacks can often be serious damages in terms of production, operations, financial losses and more importantly human lives which are put at risk. Every year, there are more and more attacks targeting ICS systems. There are several attack vectors such as absence of strong network segmentation and unsecured remote access to ICS components.

Triton Malware

In 2017, a Saudi Arabian petrochemical plant was targeted by the malware called Triton (also known under names such as Trisis or HatMan). The attackers took control of a subcategory of ICS: Safety Instrumented System (SIS) controller by Triconex which detects abnormal conditions and returns the system into a safe state. The Triconex SIS distributed by the Schneider Electric is used in thousands of industrial plants in nuclear, oil and chemical industries.

SIS controllers are automated monitoring solutions aimed at maintaining the plant in a safe state condition or bring it back into a safe state when some of the parameters (for example temperature or pression) are becoming abnormal. SIS is the last line of defense to protect human lives and industrial plants against physical damage.

The Triton attack framework developed by hackers was made to reprogram the SIS controller and modify its behavior.

 

Probably using a phishing attack, the attacker gained remote access to one of the computers on the process control network which had access to the SIS controller. Nowadays it is trendy to have the process control systems and the SIS controllers on the same network. Moreover, the attack surface increases if the network can be accessed remotely.

The hacker succeeded to access the SIS and implanted an executable, the first step of the malware consisted in downloading another piece of malicious code. Using a zero-day attack, the attacker managed to elevate its privileges to the one of supervisor (read/write/execute privileges) in order to inject the payload in the memory of the Triconex. The payload contained an implementation of the TriStation protocol, reverse-engineered by the hackers, that can be used to communicate with the targeted device.

We assume that the attacker made a mistake and accidentally caused the plant shut down. The plant owner did an investigation and discovered the Triton Malware. According to the Schneider report, the attack’s intended goal was not to shut down the plant but to cause more physical damage.The hackers have not been identified but they are probably sponsored by a nation state as they have targeted a critical infrastructure and because of the absence of ransom request.

Network segmentation is one of mitigations in this case.We use Triton as an example of attack targeting ICS but there are many others (for example Stuxnet in 2010 against Iran) that can cause a significant damage.

Our solution: ARCA OS System

Thanks to ARCA Trusted OS system hardening, it is possible to implement a firmware signature process for embedded devices as well as critical industrial systems. Therefore, it would be impossible for an attacker to replace the binary or executable utility by a “rogue” one. In the above scenario, the attack would not be able to continue and lead to a damaging impact.

About CYSEC LAB

CYSEC LAB is a security evaluation lab performing research of front-edge technologies. The team, made of embedded engineers, security researchers and cryptographers, has the complementary skills that allows CYSEC to engineer and develop home made test benches with high performance.

For more information, please visit: www.cysec.com/lab/

 

Media Contact

Alexandre Karlov

alexandre.karlov@cysec.com

Latest Industry News

Securing the ever-evolving healthcare field – A CYSEC & Implicity Partnership
In the ever-evolving healthcare field, the ability to collect and anal...Read more >
i2CAT and CYSEC join forces to advance IoT security within COGNIFOG Project
i2CAT and CYSEC are thrilled to announce their collaboration within th...Read more >
Securing fleets of Container-based Edge Computing Devices
The deployment of a distributed system such as edge computing can be e...Read more >
Thuraya signs agreement with CYSEC
Thuraya Telecommunications Company (Thuraya), the mobile satellite ser...Read more >
CYSEC & TIESSE : Strategic partnership for satellite links security
CYSEC and Tiesse SpA have established a strategic industrial partnersh...Read more >
Performance benchmark made within the SYNAPSE project
The impact that the security provided by ARCA Trusted OS, CYSEC’s ha...Read more >
Qualification of the ARCA SATCOM solution
As part of studies conducted at CNES, CYSEC qualified its ARCA SATCOM ...Read more >
Securing Edge Devices: The Crucial Role of Root of Trust in a Connected World
In the rapidly evolving landscape of IoT (Internet of Things) and edge...Read more >
ARCAOS x86 compatibility with VM environments
CYSEC aims at offering the capacity to launch VMs running in Confident...Read more >
The SYNAPSE PROJECT
A snapshot of the collaborative SYNAPSE project between CYSEC and Look...Read more >
CYSEC design choices and security maintenance processes
Sovereign cloud is emerging as a preferred choice for many organizatio...Read more >
Unlocking the Potential of Remote Attestation: The Future of Trust and Security in a Connected World
The increasing prevalence of network-connected devices and the rise of...Read more >
Protect your sovereign cloud with CYSEC solutions
Sovereign cloud is emerging as a preferred choice for many organizatio...Read more >
A technical deep dive in the secure boot of ARCA Trusted OS for Raspberry Pi 4B
ARCA Trusted OS is an Operating System (OS) that can run on Raspberry ...Read more >
ESA PUSH
Within the PROGRAMME FOR USERBASE ENHANCEMENT (PUSH), ESA selected com...Read more >
Attested VM launch protocol : The result of CYSEC
CYSEC explored the attestation mechanisms offered by two different CPU...Read more >
ARCA SATLINK successfully tested in space
As part of a project for the European Space Agency - ESA our engineeri...Read more >
Linebreak and CYSEC join forces to securely unlock data in enterprise edge computing
enterprises need confidence when running their sensitive workloads in ...Read more >
ARCAOS x86 on mini-servers
CYSEC continues its edge computing strategy expansion by qualifying tw...Read more >
USE CASE MIDEYE – CYSEC
Mideye and CYSEC have decided to work together to deliver a simple and...Read more >
SixSq and CYSEC – A secure end to end edge computing solution
SixSq, an Ekinops company, and CYSEC are thrilled to announce their pa...Read more >
ARCAOS x86 compatibility on AWS
ARCA Trusted OS for x86 can now be deployed into AWS EC2 instances as ...Read more >
PostFinance and CYSEC
PostFinance, the fifth largest retail financial institution in Switzer...Read more >
Crosscon Project – Enhancing Security in Agricultural UAVs: The Power of Remote Attestation
One of the challenges faced by UAVs is their mobility and the potentia...Read more >
Leveraging ChatGPT at the edge on a Raspberry Pi protected by Arca Trusted OS
In this use-case, ARCA Trusted OS protects the data stored on the Rasp...Read more >
A Trusted Environment at the Edge to Run AI Applications
With the adoption of AI at the edge, companies will expand their busin...Read more >
CYSAT
CYSEC has been organizing CYSAT, the biggest European event entirely d...Read more >
Secure your Raspberry Pi for industrial grade usage with ARCA Trusted OS
CYSEC is pleased to announce its new born ARCA Trusted OS for ARM spec...Read more >
World’s first in-orbit cybersecurity demonstration at CYSAT
First offensive security demo on a flying satellite at CYSAT - In orde...Read more >
Trusted and Secure Stream Analytics for Industrial IoT
Crosser, creator of a market leading low-code platform for stream anal...Read more >
What are the NIST SP 800-190 countermeasures in ARCA Trusted OS?
In addition to these recommendations specific to the host OS, ARCA Tru...Read more >
CYSEC AND SIGHUP PARTNER UP
SIGHUP is partnering with Cysec to provide a secure kubernetes-based c...Read more >
Cysec and Ingram Micro new partnership
Ingram Micro Italy, a global leader in Technology and Supply Chain Ser...Read more >
Cysec and Syntheticus team up
“Cysec and Syntheticus team up to offer a solution enabling the migr...Read more >
SECURED FLEET OF DRONES
The drones industry is getting a lot of success in many verticals such...Read more >
CYSEC raises 2 million CHF with KARISTA’S Newspace Fund
CYSEC announces it has raised an additional €2m from Karista. The bu...Read more >
How Cysec helps you leverage confidential VMs in public clouds
Based on the Confidential Computing Consortium, Confidential Computing...Read more >
For automated, scalable, and secure edge computing environments
LAUSANNE, SWITZERLAND. and STOCKHOLM, SWEDEN. Cysec, a software provid...Read more >
How to migrate your sensitive data to public clouds?
There is a clear trend to migrate data from organizations and companie...Read more >
Web3 and Secure Computing: Cysec case Study
Web3 refers to the next Internet generation, one that leverages public...Read more >
CYSEC featured on cybernews!
Cysec has been mentioned, by the experts of cybernews.com, as one of t...Read more >
Kata Containers: Cysec case Study
Cysec offers to run its orchestration platform with several runtimes s...Read more >
Spacebel and CYSEC team up on a contract with the European Space Agency (ESA)
The European Space Agency (ESA) awarded a contract to Spacebel (Prime ...Read more >
“Because of geopolitical and economical pressures, company data protection is essential”
A talk with the CEO and Co-Founder of CYSECRead more >
Announcing Nicolas Chaillan and Octave Klaba as keynote speakers at CYSAT
The full event agenda is liveRead more >
New Space Economy MOOC
An online course on the challenges of commercial space missions.Read more >
Kata Containers: the ultimate workloads isolation
Introducing Kata Containers supportRead more >
Cybersecurity for Enterprise Blockchain Solutions
Blueprint paper - Crypto ValleyRead more >
Cosimo Calcagno joins Board of Directors
New member of the Board of Directors and investor.Read more >
Securely embrace the public cloud
Innovate faster, with security built in every step of the way.Read more >
Embedded KMS for IoT applications : the SEGWAY project
Filling the security gaps in cloud-edge integration.Read more >
CYSEC raises 4 million CHF in seed extension round
A funding to further its growth in digital assets and edge computing.Read more >
Protecting data: glossary of an industry
Every industry has its own vocabulary and cybersecurity is no exceptio...Read more >
Why cybersecurity is too important to get lost in space
As the race to space takes flight, ARCA is ready for launch. Read more >
2021 in review
Wrapping up yet another special year, but with great achievements.Read more >
Hack CYSAT: Europe’s first satellite hack
Calling for ethical hackers to hack a flying satellite.Read more >
Protecting health data on public cloud with HOSTEUR & CYSEC
Improving the cryptographic key exchange protocol to ensure end-to-end...Read more >
What is confidential computing?
The new kid on the security blockRead more >
CYSEC wins European Space Agency contract to protect governmental data
Improving the cryptographic key exchange protocol to ensure end-to-end...Read more >
Confidential computing with CYSEC ARCA & AMD-SEV [WHITEPAPER]
Whitepaper on how CYSEC ARCA leverage AMD-SEV Read more >
Differential power analysis on SIKE – part 2
Power analysis attack on SIKE in a semi-static setting Read more >
Differential power analysis on SIKE – part 1
An introduction to isogeny-based cryptography Read more >
CYSEC partners with D-Orbit
Fly end-to-end cybersecurity for commercial space missionsRead more >
CYSEC partners with armasuisse Cyber Defence Campus
Protecting the data broadcasted by satellite internet providers Read more >
Triton Malware Attack
Attack targeting Industrial Control System (ICS) Read more >
CYSEC introduces CYSEC LAB
A security evaluation lab Read more >
CYSEC SA introduces CYSEC ARCA Trusted OS
Secure Sensitive Data and Open the Door to CollaborationRead more >
Eureka program support granted for DiCoQuaNet project
A Distributed Computing over a Quantum-Secure NetworkRead more >
Happy Three-Year Anniversary to CYSEC!
Celebrating three amazing years Read more >
CYSEC joins the GAIA-X Space initiative
The next generation of Europe’s data infrastructureRead more >
Researchers and satellite start-ups meet
Discussing celestial cybersecurityRead more >
Il est trop facile de pirater un satellite et ça menace Internet
Cybersecurity in space and its importanceRead more >
La cybersécurité aussi dans lʹespace
Patrick Trinkler talking about the importance of cybersecurityRead more >
CYSAT’21 – kicking-off March 17TH
Cybersecurity for commercial spaceRead more >
Security for Commercial Space: CYSAT’21 Pioneers Cyber Security Solutions
CYSAT’21 Pioneers Cyber Security SolutionsRead more >
CYSEC – As Seen in BILANZ
CYSEC's journey to a secure operating systemRead more >
CYSEC listed in the CV VC Top 50 report
Listed for the second time in a rowRead more >
Cybersecurity for smallsats
Five security concepts for smallsat operators to followRead more >
The European Champions Alliance partners up with CYSEC & AP-Swiss
CYSAT'21: event dedicated to cyber risks in SpaceRead more >
Patrick Nicolet Joins Board of Directors
Former Capgemini CTO, a new strategic entry Read more >
CYSEC wins Swiss Space Office contract
For a secure in-orbit satellite reconfigurationRead more >
CYSEC and AP-Swiss organize CYSAT’21
The first European event on cybersecurity in spaceRead more >
Run Your Applications On Secure Enclaves
CYSEC partners with Kyos and joins a recognised networkRead more >
Let’s not make Newspace a paradise for hackers
Cyber threats in space and their consequencesRead more >
CYSEC selected for Tech4Trust acceleration program
Most innovative startups of the Lake Geneva regionRead more >
Pryv and CYSEC launch an integrated solution
The personal data & consent management secured middlewareRead more >
CYSEC at Forum EPFL
Startup day at SwissTech Convention CenterRead more >
CYSEC listed in the CV VC Top 50 report
Top 50 organizations in the Blockchain Technology sectorRead more >
SwissPKI Now Available On CYSEC ARCA
LibC Technologies and CYSEC launch a secured SwissPKI Read more >
CYSEC voted Best Security Startup
Ranking #62 in TOP100 Swiss Startup Award 2020Read more >
CYSEC partners up with Leaf Space
Offering end-to-end protection for satellitesRead more >
Confidential Edge Computing For IoT Security
Discover confidential edge computingRead more >
CYSEC SA raises 500’000 Swiss francs from FIT
CYSEC rewarded for its cybersecurity innovative solutionRead more >
CYSEC SA welcomes Howard Yu to its Advisory Board
Director of IMD’s Advanced Management Program Read more >
The Things Industries partners with CYSEC
For a secure on-premises LoRaWAN network deploymentRead more >
CYSEC wins European Space Agency contract
Protect ship tracking communications from cyber threatsRead more >
Next generation security platform
Safeguard critical applications and sensitive digital assetsRead more >
CYSEC joins the LoRa Alliance
Foster cybersecurity adoption in IoTRead more >
CYSEC SA welcomes Pascal Junod to its Advisory Board
Expert in applied cryptography and software protectionRead more >
Cloud Constellation Corporation partners with CYSEC
To deliver enterprise-ready Global Private Cloud ServicesRead more >
CYSEC partners with Build38
Facilitate secure deployment of Mobile App and Fraud ProtectionRead more >
CYSEC secures the smart heaters of Lancey Energy Storage
Protecting IoT ecosystems with CYSEC ARCARead more >
CYSEC to secure Astrocast global IoT network
End-to-end security of IoT Communication of 80 nanosatellitesRead more >
CYSEC wins CSO 2019 AWARD
Innovation in cybersecurity of the yearRead more >
Global Challenge Winner 2019
Winner of the ITU Innovations challengesRead more >
Insight SiP and CYSEC SA awarded Eurostars grant
Secure communications solution for medical IoT devicesRead more >
Singapore festival
Swiss fintechs to showcase innovative solutionsRead more >
CYSEC at Deftech, November 2019
Discussing the Swiss ecosystem for defense innovationRead more >
Come and meet us in October at Forum EPFL
Start Up DayRead more >
CYSEC selected by IMD in startup competition
IMD offers support to promising Swiss startups Read more >
New Solution For Secure Digital Asset Management
Swiss-made crypto asset management ecosystemRead more >
CYSEC selected to take part in ESA’s Business Incubation Programme
Program dedicated to startups innovating in spaceRead more >
REGDATA SA & CYSEC SA announce strategic alliance
Setting secure foundation and use of applicationsRead more >
Sysmosoft SA & CYSEC SA announce strategic alliance
Setting secure foundations of cryptographic technologiesRead more >
GEOSATIS and CYSEC announce technological partnership
For secure deployment and operation of IoT solution Read more >
CYSEC raises 1.5 million Swiss francs
To accelerate the deployment of innovative data security solutionsRead more >
CYSEC receives a FIT seed loan of CHF 100’000
To finalise product development and perform market validationRead more >
Swiss Fintech startups in NY
CYSEC selected to showcase ARCA in Venture Leaders roadshowRead more >