Researchers Release Free TRITON/TRISIS Malware Detection Tools

A team of ICS experts who spent the past year studying and re-creating the so-called TRITON/TRISIS malware that targeted a Schneider Electric safety instrumented system (SIS) at an oil and gas petrochemical plant has developed open source tools for detecting it.

The researchers have demonstrated how the malware works and presented a simulation of how it could be used to wage a destructive attack. TRITON/TRISIS was discovered in 2017 in a Middle Eastern plant after an apparent failure in the attack shut down its Triconex safety systems.

Read more about how researchers have re-created the TRITON/TRISIS attack to better understand this epic hack of an energy plant, on DarkReading.