TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems Forever

Black Hat USA 2018

Presented by: Andrea Carcano, Younes Dragoni, Marina Krotofil
Date: Wednesday August 08, 2018
Time: 11:15 - 12:05
Location: Tradewinds EF

In 2017, a sophisticated threat actor deployed the TRITON attack framework, engineered to manipulate industrial safety systems, at a critical infrastructure facility. This talk offers new insights into the TRITON attack framework, which became an unprecedented milestone in the history of cyber-warfare as it is the first publicly observed malware that specifically targets protection functions meant to safeguard human lives. While the attack was discovered before its ultimate goal was achieved, that is, disruption of the physical process, TRITON is a wake-up call regarding the need to urgently improve ICS cybersecurity.

This analysis and presentation will cover:

We will conclude with an appeal to vendors about the urgent need for equipment auditing and forensic tools. These tools must be developed before TRITON-like attacks become mass-scale, and the time to start working on them is now: hacking is a fashion industry, and as soon as a new exploitation technique becomes available, everybody jumps on the bandwagon.

This session will thus provide comprehensive insights into how one of the most sophisticated attacks on an ICS system to date was developed and how it could be detected during and post exploitation. This is important information for anyone seeking to secure critical infrastructure.

Marina Krotofil

Marina Krotofil is an experienced ICS/SCADA professional who spent the bigger chunk of the past decade on offensive Industrial Control Systems (ICS) security: discovering and weaponizing unique attack vectors, engineering damage scenarios and understanding attacker techniques when exploiting ICS. Marina's offensive security skills serve her well during forensic investigations, ICS malware analysis and when engineering defenses. She previously worked as a Principal Analyst in the Cyber-Physical group at FireEye (USA), Lead Cyber Security Researcher at Honeywell (USA) and as a Senior Security Consultant at the European Network for Cyber Security (Netherlands). Marina has authored more than 20 academic and white papers on ICS security and is a frequent speaker at the leading security events around the world. She holds an MBA in Technology Management, an MSc in Telecommunication and an MSc in Information and Communication Systems.

Andrea Carcano

Andrea Carcano is an expert in industrial network security, artificial intelligence and machine learning, and has published a number of academic papers on the subject. His passion for cybersecurity and solving the unique challenges around ICS became the focus of his PhD in Computer Science from the Università degli Studi dell'Insubria. Carcano worked on the European Commission Power Plant Security Program, was a Senior Security Engineer for global oil and gas supermajor Eni, and most recently (through his work at Nozomi Networks) developed software that detects intrusions into critical infrastructure control systems. In his current role at Nozomi Networks, Carcano is helping build a new generation of ICS security products.

Younes Dragoni

Younes Dragoni is a member of the Nozomi Networks research team, where he is responsible for malware analysis and for finding and analyzing vulnerabilities in automation devices (ICS/SCADA). Dragoni earned his Bachelor in Security of Systems and Computer Networks at the University of Milan. He is a member of the World Economic Forum's Global Shapers Community.

