The Briefing Room

Topic started by: bigheadfred on March 08, 2019, 12:48:39 am

Title: Triton is the world’s most murderous malware, and it’s spreading
Post by: bigheadfred on March 08, 2019, 12:48:39 am
https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

Triton is the world’s most murderous malware, and it’s spreading
     by Martin Giles March 5, 2019

The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.



As an experienced cyber first responder, Julian Gutmanis had been called plenty of times before to help companies deal with the fallout from cyberattacks. But when the Australian security consultant was summoned to a petrochemical plant in Saudi Arabia in the summer of 2017, what he found made his blood run cold.

The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.

The malware made it possible to take over these systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: bigheadfred on March 08, 2019, 12:49:16 am
snip

However, not even the most pessimistic of cyber-Cassandras saw malware like Triton coming. “Targeting safety systems just seemed to be off limits morally and really hard to do technically,” explains Joe Slowik, a former information warfare officer in the US Navy, who also works at Dragos.

Other experts were also shocked when they saw news of the killer code. “Even with Stuxnet and other malware, there was never a blatant, flat-out intent to hurt people,” says Bradford Hegrat, a consultant at Accenture who specializes in industrial cybersecurity.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Smokin Joe on March 08, 2019, 01:44:22 am
@thackney Just a heads-up, because this is likely the dream of the dangerous breed of ecowhackos that are out there shutting down pipeline valves now. (Not to mention a form of asymmetrical warfare.)
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Weird Tolkienish Figure on March 08, 2019, 01:46:21 am
Can we start executing these virus writers?
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Smokin Joe on March 08, 2019, 01:50:48 am
snip

However, not even the most pessimistic of cyber-Cassandras saw malware like Triton coming. “Targeting safety systems just seemed to be off limits morally and really hard to do technically,” explains Joe Slowik, a former information warfare officer in the US Navy, who also works at Dragos.

Other experts were also shocked when they saw news of the killer code. “Even with Stuxnet and other malware, there was never a blatant, flat-out intent to hurt people,” says Bradford Hegrat, a consultant at Accenture who specializes in industrial cybersecurity.
If they were shocked, they underestimated the malicious nature of not only geopolitical enemies, but dirt-worshipers who already have tried to create situations where pipelines or other infrastructure fail to further their jihad against industry.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Free Vulcan on March 08, 2019, 01:52:46 am
Can we start executing these virus writers?

Funny you say that, some of these hacker types are tech smart, street stupid. There are many companies, govts, and organizations that will off you and your team for screwing with them like that.

What I'm concerned about is that the ones behind this might be real terrorists or state actors.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 08, 2019, 01:55:11 am
ANY and every critical system needs to be air-gapped.

End of story.

Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Smokin Joe on March 08, 2019, 01:58:03 am
ANY and every critical system needs to be air-gapped.

End of story.
That works best for keeping things secure, unless Hillary is loading them onto her server, that is....
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: bigheadfred on March 08, 2019, 02:06:59 am
ANY and every critical system needs to be air-gapped.

End of story.

How do you air gap our electrical grid?
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: bigheadfred on March 08, 2019, 02:08:19 am
What is an Air Gapped Computer?

Read more at: https://www.thesslstore.com/blog/air-gapped-computer/
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 08, 2019, 02:10:30 am
How do you air gap our electrical grid?

The control equipment, not the grid itself. Every critical system needs to have a manual override and an air-gapped control. All that crap should run manually on the flip of a (manual) switch.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: bigheadfred on March 08, 2019, 02:17:35 am
The control equipment, not the grid itself. Every critical system needs to have a manual override and an air-gapped control. All that crap should run manually on the flip of a (manual) switch.

And that is where the Hillary Option comes in. Or the Snowden Apocalypse. IOW, the human factor.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 08, 2019, 02:44:01 am
And that is where the Hillary Option comes in. Or the Snowden Apocalypse. IOW, the human factor.

Sure... And physical security has to counteract anyone having physical access to the system...

My place has backdoors in security. Like every lazy fat-assed admin, it is too easy to allow myself the convenience of logging in from the internet to take care of things while I am on the road.
That is the problem. And it is getting worse. But the way I am rigged, all I have to do is walk over and unplug one switch, and all those backdoors physically go away, and I am wholly locked down.
That is not air-gapped per se, but all the doors are immediately gone.

That manual end game will always always be there.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Joe Wooten on March 10, 2019, 12:39:04 pm
The control equipment, not the grid itself. Every critical system needs to have a manual override and an air-gapped control. All that crap should run manually on the flip of a (manual) switch.

They need to look no further than the American Nuke plants. The process control computer network is isolated from the internet and can only be hacked as a result of an inside job. The NRC takes this stuff very seriously. Every plant has a data server that has a one-way feed from the process computer so the NRC and plant personnel can look at the data without accessing the process computer.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 10, 2019, 12:52:53 pm
They need to look no further than the American Nuke plants. The process control computer network is isolated from the internet and can only be hacked as a result of an inside job. The NRC takes this stuff very seriously. Every plant has a data server that has a one-way feed from the process computer so the NRC and plant personnel can look at the data without accessing the process computer.

Sadly, that is not the case with utilities, or corporate industry in general. Analog is so 80's, after all...
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Joe Wooten on March 10, 2019, 11:30:45 pm
Sadly, that is not the case with utilities, or corporate industry in general. Analog is so 80's, after all...

Yep, I know.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Weird Tolkienish Figure on March 10, 2019, 11:37:04 pm
Sadly, that is not the case with utilities, or corporate industry in general. Analog is so 80's, after all...

Analog is way easier to "hack" than digital. For example, hot wiring a car, etc.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Smokin Joe on March 11, 2019, 12:09:15 am
Analog is way easier to "hack" than digital. For example, hot wiring a car, etc.
Yabbut, you have to be there.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Weird Tolkienish Figure on March 11, 2019, 12:13:29 am
Yabbut, you have to be there.

Social engineering makes that possible. Everything is "hackable".
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Smokin Joe on March 11, 2019, 12:19:02 am
Social engineering makes that possible. Everything is "hackable".
There is a difference between stealing a vehicle and blowing up an oil refinery using the safety mechanisms to cause problems. One is trouble, sure, but the other is the sort of thing you would not want to 'be there' for. You'd want to be at least a few miles away. Hacking digital systems has the potential to give that capability from anywhere in the world as opposed to standing in the heart of the coming conflagration.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 02:44:47 am
Analog is way easier to "hack" than digital. For example, hot wiring a car, etc.

@Weird Tolkienish Figure
No.

You can have a valve that has an electronic motor - that's fine. But have an analog override (an actual manual valve).
The valve with the electronic motor can be operated with a servo, but have a switch too.
The servo that operates the electronic motor can be operated by a computer, but have a switch too.
The computer can be operated by a local network, but the computer should be able to do that job air-gapped too.
The local network can be operated by a wider domain, but it should first be able to function air-gapped too.

And so on.

It is called redundancy. And it is important. IT and top brass have a similar mindset, call it a 'god complex' or 'castle mentality'. Central control. It is foolish.  The guy running the floor with 25 years of experience sure as hell knows better when to turn that valve than you do.

Distributed and redundant simple systems are, in the end, the easiest to protect. Look at it this way:
You will always have the analog component to protect. That relies upon actual boots-on-the-ground.

Everything bolted onto that physical site on the ground is just another level you have to protect.
So the further the control is from that valve, the more protections are required. And each level has its own vulnerabilities. And every vulnerability has an exploit. Every one.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 02:52:33 am
Social engineering makes that possible. Everything is "hackable".

Every layer is susceptible to social engineering. The one most needful to protect is the actual device.

I am a fairly adept hacker. I can guarantee you, no matter what security you may put in place else-wise, the very most important item to protect is your physical computer. If I get my hands on that, you cannot stop me at all. Not only can I walk right in once I have my hands on your keyboard, I can also eliminate any trace that I was there.

That is never going to change. No matter how big and complex your organization and security becomes, that computer is always going to be a vulnerability.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Sanguine on March 11, 2019, 03:00:21 am
@roamer_1,  would you mind talking about VPNs?  Do I need one?  I'm not on standard wired cable internet.   
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 03:12:38 am
@roamer_1,  would you mind talking about VPNs?  Do I need one?  I'm not on standard wired cable internet.   

@Sanguine
VPN=Virtual Private Networking - It is used to tie remote locations to a local network. IOW, if you are down in town and forgot something on your computer at home, you can use a laptop to access your home network from a coffee shop or some such. Or you are a virtual secretary working from home, so you need to be let in to a business's network to perform your duty...

In a word, no.  Unless you need remote access to your system, which opens a whole dang can of worms, you have no need for VPN.

I don't know your exact situation nor requirements, but as a rule, if your machines in your house are behind a properly configured router, that is all you need. But you DO need that, even with one machine, and pretty well regardless of your internet source...

My cable company provided me with a wireless router (under their control)... Plug n' play. woohoo!

Nope. Brought it back and requested a bridged modem, and I will operate my own dang router, thank you very much. That router is the front door to your system.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Sanguine on March 11, 2019, 03:19:55 am
Thanks, that's sort of what I thought.  I use satellite internet and when that runs out, I use a mobile hotspot the rest of the time and whenever I travel.  I never use public networks.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 03:38:04 am
Thanks, that's sort of what I thought.  I use satellite internet and when that runs out, I use a mobile hotspot the rest of the time and whenever I travel.  I never use public networks.


@Sanguine
You might consider one of those base-station cellular units.... They are way more powerful than your phone, and will deliver much better service than using your phone to hotspot.

Might be a cellular repeater/antenna involved too... I don't know about your needs exactly, but Straight Talk, over to the Wallyworld is about a 100 dollar investment for the unit and somewhere between 35 and 55 a month (depending on your bandwidth)... If you need an antenna, that'd be more (maybe another hundred)...

Most of the hillbillies up here that can, do it that way. Cheaper and better than sat, and if you can do internet for TV, you can get rid of sat altogether.

You should check it out. If you get cell service at your house, it is a good option.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Sanguine on March 11, 2019, 03:50:27 am

I think we're talking about the same thing re: the base-station cellular unit.  I have one and it works better than the satellite internet.  But, I only get 20G per month, so I alternate.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 03:58:09 am
I think we're talking about the same thing re: the base-station cellular unit.  I have one and it works better than the satellite internet.  But, I only get 20G per month, so I alternate.

@Sanguine
Alright. Good enuff...
Might go looking though... unlimited bandwidth plans are about as cheap as for regular phones...
Like I said, one of my buddies lives up in the sticks and uses Straight Talk, gets unlimited bandwidth for something like 50 bucks a month... That gives him a home phone and internet... Once he got that, he quit sat as fast as he could, as it was costing him way, way more than that.

But, I reckon you already shopped around, so if that's all you can do, good on ya.
 :beer:
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Sanguine on March 11, 2019, 04:23:08 am
I appreciate the advice.  I'm pretty much stuck with one provider out here.  Just not enough people for much competition to develop.  And I prefer the lousy service to more people.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Weird Tolkienish Figure on March 11, 2019, 05:03:16 am
Being a computer does not necessarily mean it's connected to a network.

Physical security is important but with proper encryption a hard drive is hard to "hack".

Having computerized controls has additional safeguards like alerting improper access attempts and such.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: roamer_1 on March 11, 2019, 05:33:24 am
Quote
Being a computer does not necessarily mean it's connected to a network.

I know.

Quote
Physical security is important but with proper encryption a hard drive is hard to "hack".

I know that too - but the physical security is the more important of the two. The problem with encryption is that it is subject to failure, and if it fails, it is a brick. So encrypted drives are always backed up somewhere in a non-encrypted fashion. That is the easier way. But don't trust your hard drive encryption too far, because I have done it the hard way too.

Quote
Having computerized controls has additional safeguards like alerting improper access attempts and such.

Which can often be spoofed.
Title: Re: Triton is the world’s most murderous malware, and it’s spreading
Post by: Hoodat on March 11, 2019, 08:14:13 am
Anyone using Triconex for a plant-wide SIS deserves what they get.