
Phishing email led to life-threatening attack at petrochemical manufacturer

By Charlotte Peel.

Hackers recently used malware to target a petrochemical manufacturer in the US with potentially life-threatening consequences.

The system targeted was a combination of both hardware and software which the critical infrastructure site (a chemical plant) used to prevent unsafe conditions from arising. The particular system targeted monitored gas fuel pressures and reactor temperatures in order to automatically close valves or initiate a cooling process to prevent life-threatening accidents such as the dispersion of chemicals, if potentially unsafe thresholds were reached.

The malware which the hackers used to target the chemical plant in the US is typically known as “Triton Malware”.

The Triton Malware was installed on the manufacturer’s systems through a phishing email which targeted an employee at the chemical plant. Once the hackers had installed the Triton Malware in the operational technology part of the plant, they attempted to manipulate the industrial control equipment. Luckily, an error caused the control equipment to automatically shut down, which prevented the Triton Malware from executing fully.

If the error had not caused the control equipment to shut down, the Triton Malware could have caused loss of life, severe injury, and mass property damage to the surrounding areas. 

It appears that the chemical plant had a “lucky” escape and avoided what could have led to a catastrophe.

The message here is that, whilst cyber-attacks are a fact of life and typically target financial and back office systems, this is an alarming development: hackers have used malware with the direct purpose of targeting industrial control systems, with the intent to cause death or injury.

Whilst this malware attack happened in the US, cyber threats are not specific to the US; they are a global issue which affects not just manufacturers but all businesses in the UK.

It is therefore imperative that manufacturers who provide critical infrastructure ensure that all employees are fully trained on how to identify and deal with phishing emails, and that businesses have supporting software to help identify such emails.

Hackers are becoming more and more sophisticated, so it is vital that your training and software are kept under constant review to ensure they are fit for purpose. Taking such steps will help to reduce the risk of being exposed to malware attacks and mitigate any negative impact on your business and indeed our civilised society as a whole.