GlobalSign Blog

11 Jun 2019

Triton Malware: Protecting Your Network from the Latest Threat

Malicious software has been a threat since the earliest days of the internet. Hackers continue to find new ways to exploit applications, websites, and networks and infect them with viruses. Any device that is compromised becomes a risk to the person using it and those within the same organization.

When people think about malware, it's usually in the context of cyberattacks that are trying to steal personal information or bring down a website. But today, with so many new devices gaining internet connectivity, the danger can be more physical in nature. A form of malware known as Triton is considered to be a deadly computer virus because of how it could initiate an industrial catastrophe.

In this blog, we'll explore the global trend of the Internet of Things (IoT) and how the Triton malware may impact it in the future.

New Infrastructure in Industry

The IoT movement has brought internet connectivity to a growing collection of devices and appliances. Gone are the days when you had a dial-up modem set up in the house or office to support a single desktop or laptop computer. With Wi-Fi so widely accessible, now dozens of devices can connect to the same network continuously within a single household.

The most common consumer IoT devices include things like smart speakers which are able to receive spoken commands and perform certain actions. Smart light bulbs, security cameras, thermostats, and even coffee makers can be controlled from an app on a smartphone. The idea is that by adding internet to traditional appliances, you can make them more flexible and easy to use. But this also adds a new wrinkle into the complexity of securing a home network.

Meanwhile, the IoT trend has also made a serious impact in the business world, especially in manufacturing industries. For example, companies now deploy smart sensors at every step of their production cycle to monitor output and safety levels. The information that's gathered is fed into powerful analytics systems to gain business intelligence.

Discovery of Triton

The first instance of the Triton malware was discovered in 2017 at a chemical plant in Saudi Arabia. Cybersecurity experts found that a group of hackers had deployed a piece of software on the plant's local network that was able to gain high-level access to internal safety systems. This included special sensors designed to detect dangerous conditions and trigger shut-down procedures in the case of an emergency.

By compromising the safety systems, hackers could control them from remote locations over the internet. In a worst-case scenario, they may have disabled the sensors or given them false data to allow a life-threatening catastrophe to occur.

Fortunately, the malware was found before any further attack could be executed. Since the first discovery, a team of top cybersecurity experts has been working together to reverse-engineer the Triton malware.

But even with that work in progress, the threat of Triton has not gone away. New forms of the malware have appeared on the networks of other industrial plants, and experts believe that many companies do not even realize that they are infected. The risk is that organizations might assume any malfunction is a simple glitch without realizing that a larger scheme is in play.

Triton's Impact on the Internet of Things

Every IoT device that is added to a home or office represents a new vulnerability to the local network that it joins. In fact, these smart appliances can often carry more risk because of the simplified operating system that they rely on to perform their basic functions.

Hackers will always look for the most efficient path to infiltration. That means that even if their ultimate goal is to take down a back-end server, they may initiate their attack through another device. As networks continue to grow and welcome more and more IoT devices, staying safe online becomes harder.

Governments are also realizing that they have to get involved with cybersecurity concerns with malware like Triton because of the health and safety risks involved. In the near future, producers of smart devices will be held to tougher standards in terms of how they secure the software on their products.

How Industries Can Protect Themselves

Given the stakes involved, industrial companies need to be as proactive as possible when defending against Triton and similar forms of malware. New types of firewalls and intrusion detection systems now also use AI to detect and block incoming threats. But even they are not foolproof.

A big part of any cybersecurity strategy needs to be training. Employees within an organization must know what to look for and how to keep themselves and the company safe. One easy tactic is to require that a virtual private network (VPN) be used by anyone at the company who goes online from the premises.

Some security experts would go as far as to recommend an organization provide a personal VPN service plan not only for employees who work remotely but for all employees to use any time they access the internet for any reason. Consider it the modern version of a job perk that just might save the company network from a disaster.

In the event that a successful attack is executed, the organization needs to be ready to react with a disaster recovery plan. For malware like Triton, it is critical to shut down all affected IoT devices as soon as possible and disable their network adapters. This prevents the virus from being spread further across the network or reaching systems that affect safety.

Final Thoughts

Computer viruses have the potential to kill, and the Triton malware is a dangerous example. When IoT devices become compromised, they become a significant security liability. Hackers with bad intentions have the ability to infiltrate a network and kick off a chain reaction that can result in catastrophe.

The responsibility for protecting people from such attacks is spread among several groups. Manufacturers of smart devices should equip their products with hardened security protocols. The companies using the devices need to keep their network perimeter locked down from intruders. And lastly, governments must force all businesses to operate within proper standards that ensure people remain safe and accidents are avoided.

Interested in learning more about protecting your infrastructure from attacks like Triton? Explore the resource links below and see how GlobalSign can help:

https://www.globalsign.com/en/blog/iot-security-starts-with-device-identity/

https://www.globalsign.com/en/blog/industrial-internet-of-things-cyber-attacks-infographic/

https://www.globalsign.com/en/blog/five-common-cyber-attacks-in-the-iot/

https://www.globalsign.com/en/blog/5-ways-to-enhance-data-security/

About the Author

Sam Bocetta is a freelance journalist specializing in US diplomacy and national security, with emphasis on technology trends in cyber-warfare, cyber-defense, and cryptography.
