Leaders at the National Cyber Security Centre lift the lid on the impact of and lessons learned from the Triton malware assault
A participant in cyber defence exercise run by NATO’s Allied Command Transformation analyses real-time threat information Credit: SHAPE NATO/Public domain
If you asked most people to conjure a mental image of the effects of a cyberthreat, most would probably call to mind a scenario involving hacked online accounts or stolen credit card details. While clearly traumatising for victims, that kind of practical damage can, thankfully, often be undone with a few phone calls or emails.
A quick search for news headlines related to the Triton malware, which is widely reported to have hit a Saudi petrochemical plant and in 2017, reveals that this is a different beast altogether.
Triton is the world’s most murderous malware, and it’s spreading.
Murderous malware: Can a computer virus turn deadly?
Triton is a new malware ‘deliberately’ designed to put lives at risk.
The motives of the Triton attackers are not known for certain, but it is safe to assume that, in targeting a critical infrastructure facility, the intent was to wreak serious harm. The attack was aimed at the refinery’s operational safety systems, rather than its IT systems.
Deborah Petterson, deputy director for critical national infrastructure at National Cyber Security Centre, explains that these systems – “the ones that can actually go ‘bang’ if they go wrong” – are designed to offer additional layers of security than cyber defences.
“If safety instruments see that actual physical characteristics – the temperature or the pressure – start to go wonky, then the system will safely shut down,” she says. “So, why this particular incident (Triton) was interesting, is it is the very first time that we saw an adversary go for that safety system. You see, if you mess with that safety system, then that safe shutdown might be at risk.”
Having got in, the attackers seemingly “made a mistake” that exposed the threat to cybersecurity firm FireEye and Schneider Electric, the firm behind the safety system in question.
“It is FireEye’s belief that they had not meant to expose themselves at that stage,” Petterson says. “It had been two years of work… building up to the point at which it failed.”
This likely represented something of a lucky escape – one that the NCSC and its industry partners wish to learn from. Petterson’s advice for operators of critical infrastructure is to begin with a thorough examination of their operational systems.
“The first [step]… is actually knowing where their safety systems are, and how they are connected… The one in this example was 15 years old – when is the last time you actually looked at your risk management around that?,” she says. “Have you got the detection systems where you can go searching for those indicators of compromise? [We are] working on getting the intelligence out there – but if you can’t feel that intelligence, if you haven’t got the monitoring and detection systems that you need, then it is going to be useless. When that information is out there – can you deploy it?”
But, as any security professional can no doubt attest, even the most up-to-date system cannot protect against the threat of human error. This was demonstrated by the example of the Triton attack.
“This took a huge amount of investment, expertise, and knowledge. Luckily, today there aren’t that many adversaries with that capability, but I would certainly say that we see a number of adversaries that we track developing their maturity along that spectrum.”
Paul Chichester, NCSC
“This system is a very old one, and you had to stick a key in it,” Petterson says. “Someone left the key in, turned to ‘program’.”
She adds: “People talk about the security through obsolescence – well this was 15-year-old kit, it had been there 10 years, and been designed five years before that. What it shows is that, if someone is prepared to put the effort in, they can learn this stuff – and, in this case, they have reverse-engineered the protocols in order to get in there. That argument is never a good one when you say ‘my kit is so old is fine’ – actually, no it’s not.”
Ian Levy, technical director at the NCSC, says that a major takeaway from the attack should be the need for cybersecurity and operational safety people to work harmoniously together.
He says: “There is a mantra in the cybersecurity community, that says ‘safety people will never patch’, because they are too scared to ever patch anything. And there is a mantra in the safety community that says ‘cybersecurity people are cowboys’, because they patch really quickly. Neither of those things are true… it is about trying to bring those safety and security cultures together, so they can have a common conversation.”
Zero consequences
Triton was an example of a zero-day attack. Such assaults exploit vulnerabilities that the target of the attack was not previously aware of – and for which there is, consequently, no pre-existing fix or patch. This makes them much more difficult to respond to than assaults on known weakness and, as a result, potentially much more destructive. They are so called because there is no time – ‘zero days’ – between the discovery of a weakness and its exploitation by hostile actors.
Due to their severity, and the fact they are often aimed at high-profile targets, zero-day attacks typically attract a high amount of attention and public scrutiny.
Paul Chichester, director of operations at the NCSC, tells PublicTechnology that, while such breaches remain “extremely rare”, it is important to heed the warning that Triton represents.
He says: “Triton is very much a wake-up call… we are trying to get people to realise that… there is a lot of talk about these things not being possible, and you hear about cyberattacks and think ‘that couldn’t happen’. This is a real case where it did. Clearly, there was an actor, with an intent – why was somebody on a safety system on a refinery? You can make up your own theories around that.”
Chichester adds: “What I certainly don’t want to do is get people thinking that we see this all the time… if you think about the complexity of writing malware to be on a controller for a safety control system – that takes a huge amount of investment, expertise, and knowledge. Luckily, today there aren’t that many adversaries with that capability, but I would certainly say that you see that maturity and you see a number of adversaries that we track developing their maturity along that spectrum… There is quite a number of actors who are on that spectrum – but there are very few who are at the end of Triton.”
“The challenge for us is how many incidents out there have not been investigated to the depth that this one was, to prove that it was actually malware?,” Chichester says. “How many normal failures are there that aren’t investigated?”
This article is part of the Government Cybersecurity Index – two weeks of content on PublicTechnology focused on the state of data protection and security across the public sector. Look out in the coming days for more exclusive research, insight, comment, and analysis, and click here to read our exclusive research revealing which government department suffers far more data breaches than any other.
Leah Mifsud OnlyFans Mega Link Download ( Visit https://archiver.fans )
Hola Bulma OnlyFans Mega Link Download ( Visit https://archiver.fans )
Genesis Mia Lopez OnlyFans Mega Link Download
Fansly Leaks Mega Link
Black Ass Jenny OnlyFans Mega Link Download
Lexi 2 Legit OnlyFans Mega Link Download
Ima Cri Baby OnlyFans Mega Link Download ( Visit https://archiver.fans )
Updated Only Fans Leaks ( Visit https://archiver.fans )
10TB Only Fans Mega ( Visit https://archiver.fans )
Mulan Hernandez OnlyFans Mega Link Download ( Visit https://archiver.fans )
Lexi 2 Legit OnlyFans Mega Link Download
Its Lunar Liv OnlyFans Mega Link Download
Only Fans Leaks Mega Folders
Hola Bulma OnlyFans Mega Link Download ( Visit https://archiver.fans )
Rebecca J OnlyFans Mega Link Download ( Visit https://archiver.fans )
Only Fans Leaks Mega Folders
Daalischus Rose OnlyFans Mega Link Download
Mega Link Shop ( Visit https://archiver.fans )
Genesis Mia Lopez OnlyFans Mega Link Download
Lexi 2 Legit OnlyFans Mega Link Download
Hot 4 Lexi OnlyFans Mega Link Download ( Visit https://archiver.fans )
Only Fans Leaks Free Download
Buy Leaked Only Fans ( Visit https://archiver.fans )
Emmanuel Lustin OnlyFans Mega Link Download ( Visit https://archiver.fans )
Mega Link Shop ( Visit https://archiver.fans )
Buy Leaked Content ( Visit https://archiver.fans )
Buy Fansly Leaks ( Visit https://archiver.fans )
Updated Only Fans Leaks ( Visit https://archiver.fans )
Emmanuel Lustin OnlyFans Mega Link Download ( Visit https://archiver.fans )
Daalischus Rose OnlyFans Mega Link Download
North Natt OnlyFans Mega Link Download
Hot 4 Lexi OnlyFans Mega Link Download ( Visit https://archiver.fans )
Black Ass Jenny OnlyFans Mega Link Download
Mega Link Shop ( Visit https://archiver.fans )
Rebecca J OnlyFans Mega Link Download ( Visit https://archiver.fans )
8TB Only Fans Mega ( Visit https://archiver.fans )
Taylor Hall OnlyFans Mega Link Download
Mikaila Dancer OnlyFans Mega Link Download
Gina WAP OnlyFans Mega Link Download ( Visit https://archiver.fans )
Caaart OnlyFans Mega Link Download
TheRealRebeccaJ OnlyFans Mega Link Download
North Natt OnlyFans Mega Link Download
Buy Leaked Content ( Visit https://archiver.fans )
Corinna Kopf OnlyFans Mega Link Download ( Visit https://archiver.fans )
Taylor Hall OnlyFans Mega Link Download
Ima Cri Baby OnlyFans Mega Link Download ( Visit https://archiver.fans )
Emmanuel Lustin OnlyFans Mega Link Download ( Visit https://archiver.fans )
Genesis Mia Lopez OnlyFans Mega Link Download
Mega Link Store
Daalischus Rose OnlyFans Mega Link Download
Buy Mega Links ( Visit https://archiver.fans )
Only Fans Leaks Updates
Its Lunar Liv OnlyFans Mega Link Download
8TB Only Fans Mega ( Visit https://archiver.fans )
Mega Link Store
Im xXx Dark OnlyFans Mega Link Download ( Visit https://archiver.fans )
Rebecca J OnlyFans Mega Link Download ( Visit https://archiver.fans )
Only Fans Leaks Updates
Emmanuel Lustin OnlyFans Mega Link Download ( Visit https://archiver.fans )
Buy Leaked Only Fans ( Visit https://archiver.fans )
Bulma XO OnlyFans Mega Link Download
10TB Only Fans Mega ( Visit https://archiver.fans )
3TB Only Fans Mega
Only Fans Leaks Updates
Only Fans Leaks Free Download
Updated Only Fans Leaks ( Visit https://archiver.fans )
Barely Legal Lexi OnlyFans Mega Link Download
Updated Only Fans Leaks ( Visit https://archiver.fans )
Mega Link Store
Rebecca J OnlyFans Mega Link Download ( Visit https://archiver.fans )
Hola Bulma OnlyFans Mega Link Download ( Visit https://archiver.fans )
TheRealRebeccaJ OnlyFans Mega Link Download
Bulma XO OnlyFans Mega Link Download
Mega Link Shop ( Visit https://archiver.fans )
Black Ass Jenny OnlyFans Mega Link Download
Only Fans Leaks Updates
Mega Link Shop ( Visit https://archiver.fans )
Emmanuel Lustin OnlyFans Mega Link Download ( Visit https://archiver.fans )
Buy Leaked Content ( Visit https://archiver.fans )
Im xXx Dark OnlyFans Mega Link Download ( Visit https://archiver.fans )
Genesis Mia Lopez OnlyFans Mega Link Download
Rubi Rose OnlyFans Mega Link Download
Hola Bulma OnlyFans Mega Link Download ( Visit https://archiver.fans )
GG With The WAP OnlyFans Mega Link Download
8TB Only Fans Mega ( Visit https://archiver.fans )
Buy Leaked Content ( Visit https://archiver.fans )
Yasmine Lopez OnlyFans Mega Link Download ( Visit https://archiver.fans )
Crii Baby RiRi OnlyFans Mega Link Download ( Visit https://archiver.fans )
Hola Bulma OnlyFans Mega Link Download ( Visit https://archiver.fans )
North Natt OnlyFans Mega Link Download
Only Fans Leaks Free Download
Hot 4 Lexi OnlyFans Mega Link Download ( Visit https://archiver.fans )
GinaWAP Only Fans Leaks ( https://urbancrocspot.org/gina-wap-gg-with-the-wap-only-fans-mega-link-9gb/ )
GinaWAP Only Fans Leaks ( https://urbancrocspot.org/gina-wap-gg-with-the-wap-only-fans-mega-link-9gb/ )
WavyTing OnlyFans Leaks Mega Folder Link Download ( https://UrbanCrocSpot.org )
BombshellMint ( https://UrbanCrocSpot.org/shop )
GinaSavageX OnlyFans Leaks Mega Folder Link Download ( https://CrocSpot.Fun )
Bombshell Mint OnlyFans Leaks ( https://urbancrocspot.org/the-real-bombshell-mint-only-fans-mega-link/ )
GGWithTheWAP Mega Folder Download ( https://urbancrocspot.org/gina-wap-gg-with-the-wap-only-fans-mega-link-9gb/ )
GinaWAP Only Fans Leaks ( https://urbancrocspot.org/gina-wap-gg-with-the-wap-only-fans-mega-link-9gb/ )
Bunz4Ever OnlyFans Leaks Mega Folder Link Download
SazonDePuertoRicoINC OnlyFans Leaks Mega Folder Link Download
Tytiania Sargent Nude Leaks ( https://UrbanCrocSpot.org/ )
GinaWAP Only Fans PPVS Download https://urbancrocspot.org/tag/gg-with-the-wap/
Tytiania Sargent OnlyFans Leaks ( https://urbancrocspot.org/the-real-bombshell-mint-only-fans-mega-link/ )
Mexican Easy Pharm: Mexican Easy Pharm – Mexican Easy Pharm
reputable mexican pharmacies online https://mexicaneasypharm.shop/# best online pharmacies in mexico
purple pharmacy mexico price list
https://cytpharm.shop/# CytPharm
prednisone canada pharmacy
http://cytpharm.com/# CytPharm
prednisone 5 mg tablet price
https://cytpharm.com/# buy cytotec
prednisone for sale online
https://predpharm.com/# PredPharm
buy prednisone online without a script
http://semapharm24.com/# semaglutide tablets price
can i order prednisone
http://semapharm24.com/# SemaPharm24
prednisone drug costs
http://predpharm.com/# prednisone tablets 2.5 mg
where can i get prednisone
https://kamapharm.shop/# Kama Pharm
prednisone 10
https://cytpharm.com/# CytPharm
prednisone daily use
http://dappharm.com/# dap pharm
prednisone buying
https://predpharm.shop/# prednisone buy cheap
prednisone pak
https://predpharm.com/# prednisone without a prescription
prednisone 30
https://kamapharm.shop/# Kama Pharm
buy prednisone online fast shipping
https://farmasilditaly.com/# alternativa al viagra senza ricetta in farmacia
farmacie online sicure
https://farmabrufen.com/# Brufen senza ricetta
farmacia online piГ№ conveniente
https://farmabrufen.com/# BRUFEN prezzo
Farmacie on line spedizione gratuita
https://farmaprodotti.com/# migliori farmacie online 2024
Farmacie online sicure
Farmacie on line spedizione gratuita Cialis generico migliori farmacie online 2024
https://farmaprodotti.com/# Farmacie on line spedizione gratuita
farmacia online senza ricetta
http://jugabet.xyz/# Las redes sociales promocionan eventos de casinos.
Casinos offer delicious dining options on-site.
Game rules can vary between casinos.: taya777 login – taya777 login
jugabet jugabet La mГєsica acompaГ±a la experiencia de juego.
https://taya777.icu/# Security measures ensure a safe environment.
Casino promotions draw in new players frequently.
The casino scene is constantly evolving.: taya365.art – taya365 login
https://phtaya.tech/# The poker community is very active here.
Poker rooms host exciting tournaments regularly.
Casinos offer delicious dining options on-site.: taya777 login – taya777 login
http://taya365.art/# The casino industry supports local economies significantly.
Gambling regulations are strictly enforced in casinos.
taya365 login taya365.art The gaming floors are always bustling with excitement.
https://winchile.pro/# La historia del juego en Chile es rica.
Players enjoy both fun and excitement in casinos.
Game rules can vary between casinos.: taya777 – taya777.icu
http://jugabet.xyz/# Los casinos organizan eventos especiales regularmente.
Poker rooms host exciting tournaments regularly.
taya365 login taya365 The Philippines has several world-class integrated resorts.
Poker rooms host exciting tournaments regularly.: taya365 login – taya365
http://jugabet.xyz/# Los pagos son rГЎpidos y seguros.
Loyalty programs reward regular customers generously.
Gambling can be a social activity here.: phmacao club – phmacao.life
https://phmacao.life/# Manila is home to many large casinos.
The Philippines has a vibrant nightlife scene.
phtaya phtaya Some casinos feature themed gaming areas.
https://phtaya.tech/# Casinos often host special holiday promotions.
Slot machines feature various exciting themes.
The ambiance is designed to excite players.: phmacao.life – phmacao com
http://jugabet.xyz/# La historia del juego en Chile es rica.
Slot machines attract players with big jackpots.
Casino visits are a popular tourist attraction.: taya777.icu – taya777 login
winchile casino win chile Los juegos de mesa son clГЎsicos eternos.
https://phtaya.tech/# Game rules can vary between casinos.
Live music events often accompany gaming nights.
Los casinos son lugares de reuniГіn social.: winchile – winchile
https://jugabet.xyz/# Los jugadores deben jugar con responsabilidad.
Live dealer games enhance the casino experience.
phmacao com phmacao Promotions are advertised through social media channels.
https://winchile.pro/# La diversiГіn nunca se detiene en los casinos.
Many casinos host charity events and fundraisers.
Poker rooms host exciting tournaments regularly.: taya777 register login – taya777.icu
https://taya365.art/# Resorts provide both gaming and relaxation options.
Game rules can vary between casinos.
п»їCasinos in the Philippines are highly popular.: phtaya.tech – phtaya casino
http://taya365.art/# The Philippines has a vibrant nightlife scene.
The thrill of winning keeps players engaged.
winchile winchile casino Las tragamonedas ofrecen grandes premios.
Live music events often accompany gaming nights.: taya777.icu – taya777
Los juegos de mesa son clГЎsicos eternos.: jugabet.xyz – jugabet casino
https://winchile.pro/# Los casinos garantizan una experiencia de calidad.
Loyalty programs reward regular customers generously.
Casino promotions draw in new players frequently. http://taya365.art/# Many casinos host charity events and fundraisers.
http://phtaya.tech/# Online gaming is also growing in popularity.
Most casinos offer convenient transportation options.
Los casinos reciben turistas de todo el mundo.: winchile casino – winchile