A piece of malware discovered in the Middle East is now targeting companies in North America, according to a report in the MIT Technology Review.
Triton is a frightening new malware that responders say is designed to endanger human life. In one instance, in Saudi Arabia, it nearly took down a petrochemical plant.
Julian Gutmanis, a malware first responder, had to take care of an attack at a plant in Saudi Arabia in 2017. “This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk,” he told the Technology Review.
In the worst-case scenario, the plant could have released toxic hydrogen sulfide gas or caused explosions—but, luckily, Gutmanis was able to take back control of the plant.
Triton allows hackers to take control of plant systems remotely—which, in the wrong hands, could have terrible consequences. Dragos, a cybersecurity firm, says the hackers are now looking for targets outside of the Middle East, including in North America.
“I’ve been into a lot of plants in the U.S. that were nowhere near as mature [in their approach to cybersecurity] as this organization was,” Gutmanis told the Technology Review. He added that the attack likely came from employees working from inside the firm.
While Iran was initially believed to be behind Triton, security experts from FireEye are now looking at a different culprit: Russia, and more specifically the Central Scientific Research Institute of Chemistry and Mechanics in Moscow (even though the firm was not able to draw clear links).
So what can companies do to protect themselves from this type of attack? The Technology Review points to a strategy known as “defense in depth,” which uses multiple layers of security to separate corporate networks from the internet.
Still, experts now urge American companies to revisit all their operations in order to reduce the risk posed by malware such as Triton.