One of the most frightening of the many scary things in the modern world of telecommunications and IT is the infiltration of critical infrastructure (CI) by hackers.
An attack on high-level industrial systems was reported last week. In an advisory issued on Thursday, security firm FireEye said it had found malware that aims to “manipulate a system that could have shut down industrial processes.”
The firm labeled the initiative TRITON. It did not identify the attacker or the attacked, but did say that the perpetrators likely were a “nation state preparing for an attack.” The statement from FireEye is even a bit scarier due to its mundane wording:
The targeted systems provided emergency shutdown capability for industrial processes. We assess with moderate confidence that the attacker was developing the capability to cause physical damage and inadvertently shut down operations.
In other words, the enemy nation wanted to play havoc with the target’s systems. eWeek reports that some experts think that the target was Saudi Arabian and the attackers Iranian.
Though the targets in many cases may be the enemies of the west, it is clear that the tools being developed likely will be aimed at the United States and allies and, indeed, likely have already. Folks not worried about CI hacking in general and the Iranians in particular should consider this from Wired:
FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but say APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses, adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests. Namely, targeting the country’s adversaries.
It’s interesting that CI, which is a growing sector, is largely in private industry. Indeed, Karl Steinkamp, the director of Cloud and Tech, Payments Advisory & Assessments for Coalfire, wrote that the “vast majority” of the 16 critical infrastructure sectors are private. Their protection is undertaken in partnership with the government.
He writes that the landscape is changing: private industry and the organizations most central to the immediate health and well-being of the public – be they private or public – are converging, and the steps taken to protect them are converging as well:
Like all public and private sector organizations, CI entities have increasingly digitized their business models and become reliant on interconnected networks and complex IT infrastructures for efficiency and cost controls. CI companies have seeped out of the safety zone of their private perimeters, venturing into public clouds and hybrid WANs. They have vendor supply chains that must be carefully vetted and managed. As in every organization, IT complexity and employee insider risks increase threat vectors, which need more sophisticated security management.
The fragmentary news about TRITON points to a bigger reality: CI is vulnerable and in many cases haphazardly protected. The fact that there are tremendous vulnerabilities in these systems shouldn’t be forgotten.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via Twitter at @DailyMusicBrk.