TRITON Critical Infrastructure Attacks: Overview and Actions

Threat research analysts from the cybersecurity firm FireEye recently announced that they had detected an intrusion at a second critical infrastructure facility by TRITON, an advanced attack framework targeting operational technology (OT) safety systems. This news is particularly concerning for facilities like refineries, petrochemical plants, nuclear power reactors and other critical process control facilities, because a security-compromised facility can potentially threaten worker and public safety.

In their report, FireEye also revealed the intruders had been operational since 2014. This indicates the attackers' willingness to wait patiently for an attack opportunity, rather than attack randomly once access is gained. It also indicates an unfortunate likelihood that additional facilities have already been compromised without detection.

TRITON reinforces the mounting priority and need for detection, defense and recovery activities without disproportionately focusing on preventative measures such as anti-malware protection. These attacks don’t typically employ malware – instead they rely on “conduit” systems such as Windows, Linux and other information technology (IT) focused systems traditionally used for administration or remote access to OT devices. These conduit systems are either poorly configured or have known, but unpatched, vulnerabilities.

I encourage all OT security and network engineers and administrators to read the FireEye report and apply the tools, techniques and procedures (TTPs) identified in the report to detect and recover from TRITON framework attacks.

Jeff Pack
