It became clear that safety instrumented systems are also targets of attack, because compromising them can cause severe damage to industrial infrastructure, with serious consequences.
In August 2017, a cyber attack was directed at the safety instrumented systems of an oil and gas facility located somewhere in the Middle East.
A new malware, identified as TRITON (named by FireEye), TRISIS (named by Dragos), or also known as HatMan, was developed to act on the safety functions of TRICONEX systems in order to interfere with the systems' protections, putting the plant's production and people's lives at risk and causing damage on a large scale.
The malware was developed specifically to act on the TRICONEX and TRICON systems manufactured by Schneider Electric (originally Foxboro / Invensys). However, the attack vector used would not be exclusive to this brand, since it could be used or modified to act on safety instrumented systems from other manufacturers.
This time, the final result of the attack on the safety instrumented systems was a plant shutdown. However, the researchers found that those responsible sought to modify the configured safety functions and thus cause an incident of much greater magnitude. An error made by those responsible while intervening in the system caused it to go into a failure state, which automatically triggered a safe shutdown of the plant.
If they had succeeded in their final goal, we would surely have witnessed an incident of great magnitude today.
After a quick investigation, Schneider Electric published a report to warn the world market, and mainly other users, about this malware, recommending immediate security measures to prevent other companies from becoming victims of the same type of attack, perhaps with damages far more serious than those of the current incident. Schneider Electric officials announced in their official statement that it was an isolated incident. However, they strongly recommended that all users take security measures in this regard.