FBI: Triton Malware is Being Used Against Energy Companies
The FBI has issued a TLP: White Private Industry Notification warning that Triton malware, also known as Trisis, is still a threat to critical infrastructure industrial control systems (ICS) around the world. The bulletin describes the threat, including the 2017 Triton attacks targeting a petrochemical company in the Middle East.
TRITON malware has been around since 2017. If you are responsible for securing Industrial Control Systems, this should not be news to you. However, the recommended best practices are not trivial to implement in these environments, but hopefully you are making progress.
The IC3 recommendations include using a one-way link for receiving data from targeted systems, such as the Schneider Electric Triconex safety instrumented system, in addition to making sure they are properly isolated, security features are enabled, and firmware/OS/applications are kept updated. Leverage change management and logging to make sure things remain properly configured and any malicious activities are detected.
Read more in
Dark Reading: Triton Malware Still Targeting Energy Firms