Date
21 July 2018
Concerns are growing as hackers increasingly target the systems of utilities, factories and other types of critical infrastructure, Photo: Bloomberg
Concerns are growing as hackers increasingly target the systems of utilities, factories and other types of critical infrastructure, Photo: Bloomberg

Hackers halt plant operations in ‘watershed’ cyber attack

Hackers recently invaded the safety system of a critical infrastructure facility in an attack that halted plant operations, Reuters reports, citing cyber investigators and the firm whose software was targeted.

Cybersecurity service provider FireEye disclosed the incident on Thursday, saying the attack targeted Triconex industrial safety technology from Schneider Electric, the report said.

Schneider confirmed that the incident had occurred and that it had issued a security alert to users of Triconex, it said.

FireEye and Schneider declined to identify the victim, industry or location of the attack.

Cybersecurity firm Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believe the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing attention on breaking into utilities, factories and other types of critical infrastructure, the report noted.

There is speculation that the hackers were possibly working for a nation-state.

“This is a watershed,” Sergio Caltagirone, head of threat intelligence with Dragos, told Reuters. “Others will eventually catch up and try to copy this kind of attack.”

Hackers used sophisticated malware to take remote control of a workstation running Schneider’s Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues.

Some controllers entered a fail safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

The cybersecurity firm believes the attacker’s actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation.

The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers intended to launch an attack that disrupted or damaged the plant, he said.

– Contact us at [email protected]

RC

EJI Weekly Newsletter

Please click here to unsubscribe