Educational Webcast Dissects TRITON Malware and Describes How to Implement a Multi-Layered Active Defense to Defend Against Similar Attacks in the Future
Boston, MA – March 28, 2018 – CyberX, the IIoT and industrial control system (ICS) security company, today announced that it is sponsoring an educational SANS webinar about the TRITON cyberattack on a petrochemical facility in Saudi Arabia. As recently described in The New York Times, “The attack was not designed to simply destroy data or shut down the plant … It was meant to sabotage the firm’s operations and trigger an explosion.”
Featuring Justin Searle, senior SANS instructor, and Phil Neray, VP of Industrial Cybersecurity at CyberX, the technical webinar will be held on Friday, March 30 at 1pm EDT (17:00:00 UTC). Those interested in attending can register here.
Demonstrating Stuxnet-like sophistication, the adversaries exhibited a high level of planning and resources consistent with past nation-state attacks on critical infrastructure. In particular, they exploited a zero-day vulnerability and developed ICS-tailored malware to communicate directly with a specific type of industrial controller using its native ICS protocol.
According to the Times, TRITON may be connected to a string of other cyberattacks on Saudi Arabian petrochemical plants during 2017 — including one aimed at a joint venture between Saudi Aramco and Dow Chemical. Experts also say that TRITON was far more sophisticated than any previous attack originating from Iran, but they speculate that Iran may have worked with Russia or North Korea to improve its hacking abilities.
In this technical webinar, we’ll describe:
- The technical architecture of the TRITON malware
- Threat models showing how the attackers may have compromised the plant’s OT network and controllers
- How to defend against similar attacks in the future via a multi-layered active defense model incorporating continuous monitoring, vulnerability management, threat intelligence, and automated threat modeling
For more information about TRITON, CyberX’s ICS threat intelligence team has reverse-engineered the TRITON malware and described its findings in a detailed blog post.
About Justin Searle, Senior SANS Instructor and Director of ICS Security at InGuardians
Mr. Searle is Senior Instructor for the SANS Institute, having taught core ICS security courses including “ICS/SCADA Security Essentials” and “Assessing and Exploiting Control Systems.” He is also Director of ICS Security at InGuardians, an independent information security consulting company. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR).
About Phil Neray, VP of Industrial Cybersecurity, CyberX (Twitter: @rdecker99)
Phil began his career as a Schlumberger engineer on oil rigs in South America and as an engineer with Hydro-Quebec. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a 1st Degree Black Belt in American Jiu Jitsu. Prior to CyberX, Phil held executive roles at enterprise security leaders including IBM Security/Q1 Labs, Veracode, and Symantec.
About CyberX (Twitter: @CyberX_Labs)
Founded by military cyber-experts with nation-state expertise defending critical infrastructure, CyberX provides the most widely deployed platform for continuously reducing ICS and IIoT risk. CyberX’s proprietary self-learning engine delivers accurate insights about ICS assets, targeted attacks, malware, vulnerabilities, and attack vectors — in less than an hour — without relying on rules or signatures, specialized skills, or prior knowledge of the environment.
CyberX is a member of the IBM Security App Exchange Community and has partnered with premier solution providers worldwide including Optiv Security and Deutsche-Telekom/T-Systems. The company’s groundbreaking ICS threat intelligence research was recently featured in the popular McGraw-Hill book series, “ICS Hacking Exposed.” For more information visit CyberX-Labs.com.
Deb Montner, Principal
Montner Tech PR
This post was originally published as “CyberX Sponsors SANS Webcast on ‘Anatomy of the TRITON ICS Cyberattack’” on CyberX.