Can a cyber attack endanger life?

(By Alessandro Rugolo)
18/12/17

The answer is yes. It has been so for some time, even if it is not talked about.

A cyber attack is as dangerous as an attack with conventional weapons and can endanger the lives of those who suffer it or of those who find themselves unknowingly involved. Those who are not used to considering cyberspace as a real dimension may ask how this is possible. Here are some examples.

Let's start from the end: the news these days is about the malware known as Triton, also known as Trisis. Triton is malware that affects a specific type of system called Industrial Control Systems (for the sake of brevity I will use ICS from now on).
ICS are control systems used in industrial processes to monitor the state of the systems and take action when necessary, that is, generally when some problem could turn into a more or less serious incident.
It is clear to everyone that if an industrial control system is responsible for verifying that the quantity of sugar used in a dough for the industrial production of donuts does not exceed a predetermined quantity, a malfunction would mean a risk of eating donuts that are too sweet. But what would happen if, in the same production plant, the industrial control system also supervised the temperature control of the ovens?
It seems clear to me that the risks could be different: from, at a minimum, burning a donut oven to the danger of fire, perhaps with the destruction of a plant and potential human victims!
An industrial control system does not need to oversee the production of sulfuric acid or the enrichment of uranium to create risks to life.

But let's get back to our Triton, or Trisis if you prefer.
This malware was created to attack an industrial control system made by Schneider Electric: the Triconex Safety Instrumented System, a system that monitors the performance of critical systems and acts according to predetermined patterns when dangerous or non-standard values are detected.
The identified malware seems able to interrupt a process of an industrial production system when there is no real danger, clearly causing economic damage to those who are hit; in the same way, the attacker can force the system not to stop even in the face of a potentially dangerous malfunction.

Several companies are studying the malware, including Symantec, FireEye and Dragos.
It is not yet known where the attack may have been launched from or which company was attacked, even if news from the last few hours speaks of a probable Iranian attack on systems located in Saudi Arabia's industries.
The only thing that is certain at the moment, as mentioned above, is that systems equipped with Schneider Electric control systems have been hit.

Attacks of this kind closely resemble the attack on Iran carried out by means of Stuxnet.
FireEye researchers think that the attack via Triton is part of the preparation of a wider attack led by an unidentified state organization.

A tip: those who operate critical industrial systems employing Schneider Electric control systems should perform extensive checks on the operating systems of their control stations, especially if these are older Microsoft operating systems, making sure that all necessary security patches are installed, since the attack seems to have been made against a computer running a Microsoft operating system. Specific patches may be released in the coming days, and it is more appropriate than ever to pay particular attention to applying any guidance immediately.

To learn more:
- https://thehackernews.com/2017/12/triton-ics-scada-malware.html
- https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-ne...
- https://www.schneider-electric.com/b2b/en/products/industrial-automation...
- https://www.symantec.com/blogs/threat-intelligence/triton-malware-ics
- http://www.securityweek.com/iran-used-triton-malware-target-saudi-arabia...
- https://dragos.com/