Hackers halt plant operations in watershed cyber attack

By BayAreaObserver   2017 Dec 15, 4:28pm

FireEye Inc (FEYE.O) disclosed the incident on Thursday, saying it targeted Triconex industrial safety technology from Schneider Electric SE (SCHN.PA).

Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, which cyber experts said is widely used in the energy industry, including at nuclear facilities, and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cyber-security company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure, cyber experts said.

Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said.

Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cyber-security firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attacker’s actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation.

The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers intended to launch an attack that disrupted or damaged the plant, he said.

More: https://www.reuters.com/article/us-cyber-infrastructure-attack/hackers-halt-plant-operations-in-watershed-cyber-attack-idUSKBN1E8271?il=0

This is extremely serious and is not getting much if any coverage. The potential to disrupt everyday life for months at a time via the electrical grid and similar is well within reach.

#SciTech #Hacking #CyberAttack

1   BayAreaObserver   2018 Jan 9, 2:19am

Why A Cyberattack Could Cause Infrastructure To Fall Like Dominoes.

In February of 2017, a strong windstorm knocked down power lines in Wyoming, forcing water and sewage treatment plants to operate on backup generators. The pumps that moved sewage from low-lying areas to the treatment plants on higher ground didn’t have backup power. As inclement weather prolonged the outages, the sewers backed up. Authorities cut water service to the area. The hope was simple: Without water, there’d be no waste.

A strong windstorm in Wyoming can tell us quite a bit about the worst effects of cyberwar.

While government officials tasked with disaster planning have long focused on the cascading effects of power outages from natural disasters, only recently have they realized the effects of cyber warfare could be quite similar. In fact, natural disasters serve as excellent examples of the unforeseen consequences that a cyberattack against infrastructure will have.

Earlier this year, the U.S. Naval War College held a war game to examine the effects of cyberattacks on critical infrastructure and showed that “cross-sector dependencies on electricity, transportation, and wastewater systems made significant attacks on these sectors exponentially more deleterious.” The full results of the Naval War College’s war game aren’t available yet, but a review of disaster planning research can give examples of the way prolonged power outages could drive consequences few consider.

Imagine, for example, a hypothetical DDoS attack leads to a shutdown of a major urban water system. Many of the controls used to cool computer systems and power generating systems and telecommunications systems rely on water. If water cannot be pumped, these systems might turn to backups, which might be limited. That could lead to both a power outage, and a telecommunications outage. That, in turn, would lead to diminished cell phone and internet traffic. Nearly 70 percent of the food Americans eat passes through a vast network of refrigerated warehouses. With no power and no communications, the logistics teams that keep track of that food would have no way to keep their products cool and no way to coordinate delivery to other warehouses.

Attacks on infrastructure aren’t, however, a mere hypothetical. Just last year, dozens of U.S. utility companies were compromised by an organized hacking group to such an extent that the hackers could have shut them down. And in the Ukraine, hackers in 2015 and 2016 disrupted the power grid, causing hundreds of thousands to lose power.

More: http://www.ibtimes.com/why-cyberattack-could-cause-infrastructure-fall-dominoes-2637720
