Full credit to Schneider Electric for publicly disclosing the Triton ICS malware discovery.
Fortunately, no major harm was done on this occasion. The industrial control systems (ICS) that run much of our critical national infrastructure have long been in the crosshairs of attackers and nation states.
While Stuxnet was one of the first of its kind, recent years have seen a rise in ICS-targeting malware such as BlackEnergy and CrashOverride.
The timely collaboration of the various US agencies, security vendors and researchers involved in the Triton malware investigation will hopefully serve as a lesson for other similar organisations, as well as a wake-up call to the industry as a whole.
It’s time to break down the political barriers and recognise that security monitoring products can complement existing ICS networks, providing invaluable visibility through asset and data classification, baselining and anomaly detection, so that an intrusion can be caught before the real payload is executed.
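To make "baselining and anomaly detection" concrete, here is an added example (not code from the original article or from any vendor product) of the simplest form of it: learn which (source, destination, protocol, port) conversations recur on an ICS network during a quiet learning window, then alert on any conversation in a later window that was never part of that baseline. The flow records, host addresses and window contents are constructed for the example; the port numbers are the ones commonly associated with Modbus/TCP (502) and Schneider's TriStation protocol (UDP 1502), used here only as illustrative labels. The `min_count` threshold and the record format are assumptions of this example.

```python
"""Baseline-and-alert over ICS network flow records (constructed example)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One observed conversation, reduced to the tuple we baseline on."""
    src: str
    dst: str
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a 'src dst proto dport' record (assumed format, not a real product's)."""
    src, dst, proto, dport = line.split()
    return Flow(src, dst, proto.upper(), int(dport))


def build_baseline(lines, min_count: int = 2) -> set:
    """Conversations seen at least min_count times during the learning window.

    A one-off flow during learning is deliberately NOT trusted: requiring
    repetition keeps a single stray packet from whitelisting itself.
    """
    counts = Counter(parse_flow(l) for l in lines if l.strip())
    return {flow for flow, n in counts.items() if n >= min_count}


def detect_anomalies(baseline: set, lines) -> list:
    """Return each distinct flow in the monitored window that is not in the baseline."""
    seen = set()
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow not in baseline:
            seen.add(flow)
    return sorted(seen, key=lambda f: (f.src, f.dst, f.dport))


# Constructed learning window: HMI polling a PLC over Modbus/TCP, the
# engineering workstation (10.1.1.50) talking to the safety controller
# (10.1.3.30) over UDP/1502, and one stray DNS lookup.
LEARNING_WINDOW = """
10.1.1.10 10.1.2.20 tcp 502
10.1.1.10 10.1.2.20 tcp 502
10.1.1.10 10.1.2.20 tcp 502
10.1.1.50 10.1.3.30 udp 1502
10.1.1.50 10.1.3.30 udp 1502
10.1.1.10 10.1.1.1 udp 53
""".strip().splitlines()

# Constructed monitoring window: normal traffic plus a new host (10.1.1.77)
# reaching the safety controller on the engineering port and on SMB.
MONITOR_WINDOW = """
10.1.1.10 10.1.2.20 tcp 502
10.1.1.50 10.1.3.30 udp 1502
10.1.1.77 10.1.3.30 udp 1502
10.1.1.77 10.1.3.30 tcp 445
10.1.1.77 10.1.3.30 udp 1502
""".strip().splitlines()

BASELINE = build_baseline(LEARNING_WINDOW)


def alerts() -> list:
    """Anomalous flows for the constructed monitoring window."""
    return detect_anomalies(BASELINE, MONITOR_WINDOW)


if __name__ == "__main__":
    for flow in alerts():
        print(f"ALERT: new conversation {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
```

In a real plant network the baseline would be built from days of traffic rather than six lines, and the alert on a new host addressing the safety controller's engineering port is exactly the kind of signal that can surface an intrusion before any payload is delivered; a flat allow-list like this is the starting point, not the whole of anomaly detection.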
In this attack, though, the malware accidentally triggered emergency system shutdowns that gave it away. As a result, the attackers never revealed the actual payload they had planned to deliver, or the true intent of their attack.