ATT&CK® Evaluation for ICS simulated threats from Triton malware
Today, the results of the first round of independent MITRE Engenuity ATT&CK® Evaluations for industrial control systems (ICS) were released. The evaluation examined how cybersecurity products from five ICS vendors detect threats from the Russian-linked Triton malware.
TRITON malware targets safety systems and prevents operators from responding to faults, dangers, and other unsafe conditions, which may cause physical damage that can lead to fatal consequences. Russia’s Central Institute of Chemistry and Mechanics developed TRITON for an attack that shut down a Saudi oil refinery, leading to sanctions imposed on the Institute by the US Treasury Department.
The evaluations use ATT&CK for ICS, a knowledge base of adversary tactics, techniques, and procedures curated by MITRE and based on known threats to industrial control systems. ATT&CK for ICS provides a common language to describe the tactics and techniques used by cyber adversaries when attacking the systems that operate some of the most critical infrastructure, including energy transmission and distribution plants, oil refineries, wastewater treatment facilities, etc.
“We chose to simulate the Triton malware because it is aimed at security systems and can prevent some of the worst consequences when problems occur in industrial control environments,” said Otis Alexander, who is responsible for the ATT&CK Evaluations for ICS. “The amount of publicly reported data in the attack and the destructive impact of the malware help ensure that this is a powerful simulation. We hope that the assessment can help organizations find the best security tools…