Original Text Information
Abstract
English
Triton is the world's most serious malware, and it is now spreading across networks. The hackers deployed malicious code, or malware, that lets them take over a plant's safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening crises. Many factories now run automated processes using computers. However, in 2017 an attack targeting this automation emerged. We have detected that a malicious program is installed in the emergency safety device. The automation equipment used at these industrial sites is collectively called ICS, and Triton is one of the malicious codes targeting these ICSs. After selecting the target, the attacker gains access to the IT and OT networks, installs backdoors in the computer network, and then reaches the target safety instrumented system (SIS) controller in the OT network, while performing network reconnaissance, moving laterally through the internal network, and maintaining access; a secure shell (SSH) based tunnel is used to deliver the attack tools and execute remote commands. Therefore, we propose countermeasures against ICS malware to prevent Triton attacks.
Table of Contents
I. INTRODUCTION
II. TRITON
A. TRITON
B. TRITON Attack Method
C. TRITON Attack Response
REFERENCES
