Design/Logic Flaw

Honeywell Experion PKS Safety Manager SM and FSC through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affected components are characterized as: Honeywell...

CVE-2022-30315

CVE-2022-30315 affects Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06. The vulnerability stems from the unauthenticated Safety Builder protocol used to download control logic (block-by-block FLD code) to the CPU module, with no cryptographic authentication or memory protect...

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The U.S. Department of Justice DOJ has indicted four Russian government employees in connection to plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous malwares ever encountered in...

Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Summary Actions to Take Today to Protect Energy Sector Networks: • Implement and ensure robust network segmentation between IT and ICS networks. • Enforce MFA to authenticate to a system. • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts. This...

CVE-2021-22779

Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert all versions prior to V15.0 SP1, including all versions of Unity Pro, EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert all versions, including all versions of EcoStruxure Hybrid DCS, SCADAPack...

From Triton to Stuxnet: Preparing for OT Incident Response

From an irked former contractor in Australia sabotaging a sewage plant in 2000, to the more high-level 2017 Triton malware attacks on Saudi Arabian petrochemical plants, operational technology OT for critical infrastructure has increasingly been a cybersecurity concern. But now, the COVID-19...

U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware

The Trump administration sanctioned a Russia government research institution on Friday claiming it was behind a series of cyberattacks using the highly destructive Triton malware. The Department of the Treasury’s Office of Foreign Assets Control OFAC said the Triton malware had been used in vario...

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

ARCHIVED STORY Triton Malware Spearheads Latest Attacks on Industrial Systems Alexandre Mundo · MAR 26, 2020 Malware that attacks industrial control systems ICS, such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that...

More on the Triton Malware

FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both...

SAS 2019: Triton ICS Malware Hits A Second Victim

SINGAPORE – The group behind the Triton malware, which first came to light after a disruptive critical-infrastructure attack on Saudi oil giant Petro Rabigh in 2017, has found a second victim. According to researchers at FireEye, the cybercriminals behind Triton, also called Trisis, have once aga...

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs

Triton Malware Spearheads Latest Attacks on Industrial Systems | McAfee Blogs Thomas Roccia · NOV 08, 2018 Malware that attacks industrial control systems ICS, such as the Stuxnet campaign in 2010, is a serious threat. This class of cyber sabotage can spy on, disrupt, or destroy systems that mana...

Was the Triton Malware Attack Russian in Origin?

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here looks pretty good...

Russia launched Triton malware to sabotage Saudi petrochemical plant

By Waqas A few days ago it was reported that a new malware called GreyEnergy has been targeting high-profile industrial and energy sector with espionage and fingers were pointed at Russian hackers. Now, it has been revealed that Petrochemical plants in Saudi Arabia have been on the radar of...

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON...

FireEye: Russian Research Lab Aided the Development of TRITON Industrial Malware

Cybersecurity firm FireEye claims to have discovered evidence that proves the involvement of a Russian-owned research institute in the development of the TRITON malware that caused some industrial systems to unexpectedly shut down last year, including a petrochemical plant in Saudi Arabia. TRITON...

Don't let your factory plant become the next cybersecurity victim

In 2014, a smart refrigerator had been caught red-handed for spawning over 750,000 spam emails after hijacked by a botnet attack. It is the first documented attack worldwide for Internet of Things to have fallen prey to hackersi. A more recent case in the US concerns an internet connected...

Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities

Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment –to the internet, yet the lack of basic security protocols leave these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at...

FireEye’s Marina Krotofil On Triton and ICS Threats

At the Security Analyst Summit this year in Cancun, FireEye’s Marina Krotofil talks about the Triton malware, first disclosed in December 2017, that targets industrial control systems. Krotofil discusses with Threatpost’s Lindsey O’Donnell about the implications of this malware for the...

A week in security (December 11 – December 17)

Last week we explained what fast flux is and how it's being abused, we showed you all kinds of Bitcoin-related scams, presented a video recording of a tech support scammer trying to sell free software, and pointed out some free software to keep an eye on your Internet traffic. We also informed yo...

Triton Malware Targets Industrial Control Systems in Middle East

Researchers found malware called Triton on the industrial control systems of a company located in the Middle East. Attackers planted Triton, also called Trisis, with the intent of carrying out a “high-impact attack” against an unnamed company with the goal of causing physical damage, researchers...