From Triton to Stuxnet, we review the top 5 most dangerous industrial malware attacks | Stormshield

In addition to the financial losses they cause, industrial cyberattacks are feared due to the threat they pose for the environment, human lives, as well as the sovereignty of the country affected. We review five—or almost five—of the most dangerous threats that industry has faced up to now.


Shamoon nearly causes a pollution event

Though it didn’t get very far into the industrial system, this malware paralysed Aramco, the Saudi Arabian national hydrocarbon company, for more than 15 days in 2012. With nearly 35,000 computers rendered unusable, the company found itself disconnected from the world. It lost control of its supervision consoles and production process, which could have led to a large-scale explosion and pollution event.

In 2018, the Italian petrol company Saipem was also reportedly impacted by an attack linked to Shamoon. According to initial information in the specialised press, 10% of its computer files were reportedly impacted before being successfully restored from backup.


Industroyer short circuits power grids

Since 2015, multiple attacks using multiple versions of the Industroyer malware have come on the scene, affecting at least one country, Ukraine. Its speciality? Attacking electrical generation systems. Industroyer gives the attacker complete control of the targeted system, without the victim's knowledge. The possibilities for malfeasance are almost endless: cutting power to a district, city or region; changing the frequency of a power grid; overloading a plant grid; or even interfering with the global power network.


Triton, a malware with environmental consequences

First detected in 2017, when it was targeting the Saudi Arabian petrol company Petro Rabigh, this malware could have caused enormous harm, including marine pollution, a spike in petrol prices, and even deaths due to explosion. Its MO? Reprogramming the controllers of the Triconex Safety Instrumented System (SIS).

According to the latest reports on this cyberattack, Triton went unnoticed for three years before being detected. An unsettling piece of news, now that the malware seems to have resurfaced in April 2019.


Stuxnet raises the spectre of nuclear fallout

As described in the documentary “Zero Days”, Stuxnet is a 2010 cyberattack that targeted centrifuges at the Natanz uranium enrichment site in Iran. Its goal? To halt or slow down production. A warning sign that raises the spectre of an even larger attack, this time with nuclear consequences.


An as-yet unidentified attack

The fifth most dangerous industrial cyberattack could already be happening right now, without anyone’s knowledge. As we saw with Triton and Stuxnet, several years may go by between a malware’s first move and its subsequent detection. That’s why cybersecurity remains one of the biggest challenges for industry in 2019.

To address cyber threats to operational networks (OTs), which are on the rise with the deployment of Industry 4.0 (Cloud, Big Data, 5G, Internet of Things), Stormshield recommends a single, comprehensive approach. The aim is to ensure that networks function properly and that there is continuity of activity for all players: energy, transport, industry, health, etc.
About the author
Khobeib Ben Boubaker, Head of D.M.I. Business Line, Stormshield

A graduate of CESI engineering school and holder of an ESCP Europe MBA, Khobeib began his career at Alcatel Lucent in the Submarine Network entity. His first love was the design of fibre optic systems for intercommunication between countries and operators. R&D engineer, international trainer, business engineer, then Business Unit Director: Khobeib wore many technical and business hats for a decade before coming to Stormshield. Following an initial post as Business Developer for the industrial security offering, he is now Head of the DMI (Defence, Ministries, Industry) Business Line, supporting the company's strategic ambitions for IT/OT cybersecurity.