Perth Branch Meeting: May 8
Cyberattack on Safety Instrument System in Critical Infrastructure with Paresh Kerai, Cyber Security Engineer, SC8 Ltd
Cyberattack on Safety Instrument System in Critical Infrastructure
Recently, a Safety Instrumented System (SIS) in the Middle East was attacked with a malware that shut down the system multiple times. The malware codenamed Trisis/Triton/MatMan compromised a safety instrument system (SIS) with zero-day vulnerability and disrupted emergency shutdowns. The SIS is used by human operators to monitor industrial processes in order to detect potentially dangerous conditions, triggering alerts or shutdowns to prevent accidents.
Triton is the 5th known case of malware that has been specially designed to sabotage industrial control systems. In some instances, an ICS-focused failure could result in an explosion, damage machines, property destruction, injury or loss of human life. The attack showed a sophisticated state-sponsored style coordinated attack on the organisation plant as the attacker specifically developed the malware with intending to compromise the vulnerability of Triconex SIS. This presentation will give an overview of the attack timeline, highlight the capabilities of the malware and the attack flow, and explain just how the attackers compromised the SIS device.
A copy of the presentation can be found
here.
Paresh Kerai is an Industrial Control System (ICS) Cyber Security Engineer at SC8 Ltd and researcher at ECU Security Research Institute, specialising in cybersecurity in control systems and network infrastructure and computer forensics. Currently enrolled in Doctor of Philosophy at Edith Cowan University. His research focus is on the security of Modbus protocol used in critical infrastructure systems and the security framework of Industrial control systems. He also has interests in threat intelligence, threat hunting, computer and network forensics, IoT devices, and operation technology architecture security.
AISA members: Please sign in to register for this event.
Non AISA members: If you would like to become an AISA member you can join here.
Please note: that the event time might be displaying AEST. The event starts at 5.30pm GMT+8 and finishes at 7.30pm GMT+8.
Many thanks to our sponsors
AISA also thanks EY for sponsoring the venue for this meeting
