TRISIS, otherwise known as TRITON and HATMAN is a piece of malware that targets industrial control systems (ICS) and was discovered in late 2017. This malware was written specifically to target the Schneider Electric Triconex safety instrumented system (SIS), specifically the Triconex 3008 processor module (Dragos, 2017). As sensational as some articles might be, TRISIS did nothing, an error in the code prevented successful execution which would have disabled the SIS and led to operations halting or a complete disaster.
The real impact of TRISIS is not the physical damage and destruction that could have occurred, but the resulting code being modified and targeted at different SIS and a whole new world of attacks against industrial control systems (ICS) worldwide. TRISIS may be considered a proof of concept, it proved quite spectacularly that not only are ICS vulnerable to attack but that the attackers were persistent in the environment for more than 12 months without being detected.
TRISIS was most definitely not the first malware to target industrial control systems, not only has there been predecessors specifically targeted at destroying the uranium enrichment process but common ransomware has infected human-machine interfaces (HMI) causing loss of monitoring and control, and ultimately blackouts across entire countries.
TRISIS is said to be a game changer (Dragos, 2017), not only because of the successful persistent threat, but also the specific targeting of SIS and the capability to potentially bring these life-saving devices down…Click here to read full article.
