By SecureWorld News Team
Thu | May 24, 2018 | 1:42 PM PDT

Security researchers at industrial control security company Dragos just issued a report loaded with superlatives. And a warning.

Check out their description of XENOTIME, the only group known to be actively trying to infiltrate industrial safety systems.

"XENOTIME is easily the most dangerous threat activity publicly known."

Why is XENOTIME so dangerous?

Researchers say that if XENOTIME takes over safety controls, death or destruction may occur because plant operators may be unable to safely shut down dangerous industrial environments, such as electric power generation and oil and gas processing.

"Targeting a safety system indicates significant damage and loss of human life were either intentional or acceptable goals of the attack, a consequence not seen in previous disruptive attacks such as the 2016 CRASHOVERRIDE malware that caused a power loss in Ukraine."

ICS malware threat trend

The malware in this case is called TRISIS, and was used to shut down a Middle Eastern operational facility.

Now, Dragos says, the threat is growing beyond the Middle East, and the attackers are refining their coding and configurations of TRISIS malware.

Perhaps the most disturbing part of the research report is a concept: there is little reason to go after an industrial control safety system unless you plan to disrupt that system.

And when bad actors decide to disrupt a system and activate their malware, lives may be in the balance.
