Our San Francisco bureau chief, @martingiles, spent several months working on a story about Triton, the world’s most murderous malware. Here’s why this malicious code is so terrifying. technologyreview.com/s/613054/cyber…

Previous “cyber-physical” malware like Stuxnet, which destroyed centrifuges at an Iranian nuke plant in 2010, targeted industrial equipment.
.
.
.
Triton is the first time we’ve seen software deliberately created by hackers to put people’s lives in danger.

The malware is capable of disabling safety instrumented systems, which are the last line of safety defense in everything from petrochemical plants to public transport systems to nuclear power plants.

If these safety systems are crippled, and other malware used in conjunction with Triton causes dangerous industrial processes to spin out of control, the result could be catastrophic industrial accidents that kill large numbers of people.

Fortunately, Triton was discovered at a Middle Eastern petrochemical plant in 2017 before it could do any harm. Had it been triggered, it could have caused explosions, and let poisonous gases escape into the plant and surrounding area.

Over the past year or so, researchers at a cybersecurity firm called @DragosInc have come across elements of software used by the hacking group behind Triton. These strongly suggest it’s hunting for new targets outside the Middle East, including in North America.

The hackers are patient and well-resourced.

They spent years burrowing through layers of cyber defenses to reach the safety systems at the petrochemical plant. Some evidence suggests they are from Russia, which has already deployed cyber-weapons against industrial targets in Ukraine.

Triton has appeared just as nation-state hackers step up cyberattacks on “critical infrastructure” targets like electrical grids, dams, and oil companies.

Dan Coats, US Director of National Intelligence, said last year warning lights “are flashing red” because of this unprecedented cyber-assault.

To make matters worse, Triton’s rise coincides with a push by companies to hook up ever more equipment to the internet to boost efficiency and productivity. The development of this “internet of industrial things” gives hackers more equipment to target.

Some cyber experts say Triton and other malware show why businesses urgently need to rethink how they are connecting potentially lethal processes. Some of these may need to be isolated from the internet altogether.

You can read more about all this in @martingiles story here. #RSAC #RSAC2019 technologyreview.com/s/613054/cyber…

Follow @martingiles for more cybersecurity insights.