Ever hear of something called the Central Scientific Research Institute of Chemistry and Mechanics, Moscow? Perhaps you should remember it the next time someone is accused of tampering with the safety systems on petrochemical plants. The software is the fairly well-known Triton, which FireEye has linked to a specific professor at the research facility. The target was apparently a petrochemical plant in Saudi Arabia, though FireEye did not name that location.
A Wall Street Journal article says, "Schneider Electric, a French multinational firm that makes the emergency shut-off system that was targeted—known as Triconex—conducted additional analysis in January that found Triton was able to manipulate Schneider devices’ memory and run unauthorized programs on the system by leveraging a previously unknown bug." So, let's hope they have patched that bug and that users have installed the patch by now.
Russia does not seem to have any reservations about using malware to cause harm to infrastructure and testing it out in various places, usually in Eastern Europe. They usually suffer no harm by doing it, and until someone retaliates in a way they will remember, they will keep doing it. Tampering with safety mechanisms to make them fail is not a good idea, and one of these targets is going to make Russia wish they had picked somewhere else to do their testing. Iran got blamed for the attacks on Aramco many years ago, and the Saudis were powerless to retaliate. If they learned one lesson from that, it was that being able to respond to a cyberattack is important to any government that doesn't want to be attacked again. The Russians think they can thumb their noses at every country that they don't favor, but that is going to cost them one day. They are going to kick the wrong tiger one day.