In addition to the financial losses they cause, industrial cyberattacks are feared due to the threat they pose for the environment, human lives, as well as the sovereignty of the country affected. We review five—or almost five—of the most dangerous threats that industry has faced up to now.
Shamoon nearly causes a pollution event
Though it didn’t get very far into the industrial system, this malware paralysed Aramco, the Saudi Arabian national hydrocarbon company, for more than 15 days in 2012. With nearly 35,000 computers rendered unusable, the company found itself disconnected from the world. It lost control of its supervision consoles and production process, which could have led to a large-scale explosion and pollution event.
In 2018, the Italian petrol company Saipem was also reportedly impacted by an attack linked to Shamoon. According to initial information in the specialised press, it is reported that 10% of its computer files have been impacted – before being successfully restored from the back-up.
Industroyer short circuits power grids
Since 2015, multiple attacks by multiple versions of the malware Industroyer have come on the scene, affecting at least one country, Ukraine. Its speciality? Attacking electrical generation systems. Industroyer gives the attacker complete control of the targeted system, without the victim's knowledge. The possibilities for malfeasance are almost endless: cutting power to a district, city or region; changing the frequency of a power grid; overloading a plant grid; or even interfering with the global power network.
Triton, a malware with environmental consequences
First detected in 2017, when it was targeting the Saudi Arabian petrol company Petro Rabigh, this malware could have caused enormous harm, including marine pollution, a spike in petrol prices, and even deaths due to explosion. Its MO? Reprogramming the controllers of the Triconex Safety Instrumented System (SIS).
According to the latest reports on this cyberattack, Triton went unnoticed for three years before being detected. An unsettling piece of news, now that the malware seems to have resurfaced in April 2019.
Stuxnet raises the spectre of nuclear fallout
As described in the documentary “Zero Days”, Stuxnet is a 2010 cyberattack that targeted centrifuges at the Natanz uranium enrichment site in Iran. Its goal? To halt or slow down production. A warning sign that raises the spectre of an even larger attack, this time with nuclear consequences.
An as-yet unidentified attack
The fifth most dangerous industrial cyberattack could already be happening right now, without anyone’s knowledge. As we saw with Triton and Stuxnet, several years may go by between a malware’s first move and its subsequent detection. That’s why cybersecurity remains one of the biggest challenges for industry in 2019.