
Darknet Diaries 68: Triton
Jun 23, 2020
Julian Gutmanis, an industrial incident responder, along with Marina Krotofil from FireEye and Robert M. Lee, CEO of Dragos, dive into the Triton malware attack on a Saudi chemical plant. They discuss how this sophisticated malware jeopardizes safety systems, highlighting the dire consequences of cyber threats in industrial settings. The trio uncovers the complexities of cybersecurity and safety protocols, emphasizing the risks posed by insider threats. Moreover, they address the urgent need for robust security measures and international regulations to mitigate potential disasters.
AI Snips
Discovering Malware
- Nasser discovered suspicious files on an engineering workstation, including a Python DLL within an HP folder.
- He felt scared, realizing the plant was in an unsafe state due to the compromised safety systems.
Attacker's Knowledge
- The attackers understood the plant's culture and work schedule, targeting the systems during off-hours.
- This suggests an intimate knowledge of the plant's operations.
Near Heart Attack
- Marina Krotofil initially mistook a function name in the malware, causing her to believe it could control valves directly.
- Further analysis revealed the function's true purpose, but the initial fear highlighted the potential for physical damage.


