Disturbing New Attack on Critical Infrastructure Site

A Infrastructure Attack

A new Trojan virus was found. This virus targets critical infrastructure.  Exact details of the attack have not been given due to the nature of the event.  There is some information that we do know.  First the virus did cause an outage, but not in a way it was likely intended.  Second, we know what was targeted and how.  The virus targeted the so called SIS or “Safety Instrumented System” at the target location.  This system is used to monitor and prevent unsafe conditions.  During what was likely a probe into the system by the threat actor, the system registered an error causing a shutdown.  This was likely not the intended result and allowed the virus to be found.

The actual end goal remains unknown.  It is possible that the culprits were trying to disable the system. This would allow unsafe conditions to occur leading to an accident or shutdown.  This also could be a way into the system to eventually cause physical damage to the site.  Because of the target, the lack of financial gain, and the complexity of the attack it is currently assumed that this was done by a nation state actor.

Critical InfrastructureWhy is This Worrying?

This attack is troubling for a few reasons.  First, this is a new tactic and one that is likely to be duplicated for future attacks.  Second, this is another attack in a series of disturbing attacks on industrial control centers.  The most notable previous being attacks on Ukrainian power plants that shut them down.  Finally, the unknowns are unsettling, this type of attack have little financial gain for the attacker.  The only result is to disturb people’s lives and government.  These types of cyber attacks done simultaneously, would likely be first moves in an actual physical attack.  The fact that some nation is developing this capability is disturbing to what the end goal might be.

Protocol 46 can help provide protection against such attacks through our anti virus software.  Make sure you stay safe through persistent monitoring by our cyber security experts.  If this topic interests you, or want to know more as details emerge, make sure to check back for the latest news from Protocol 46 analysts.


Post by Remote Process