Happy Holidays – fingers crossed none are interrupted

TLP White

Happy Holidays – fingers crossed none of them are interrupted by incident response duty. Here’s hoping for a pass on the worst recent tradition, the major holiday breach (Target, Sony, etc.).

Until then, check out an updated events section with lots of 2018 workshops. Sign up for a few and enjoy this week’s Hacking Healthcare:

Hot Links –

  1. 12 days of hacking – Welcome to witching season for cyber-crime. The 12 days of Christmas hacking is upon us. Target hit us (just three years ago?) and ushered in a new season when it came to the scale of cyber-crime. But it isn’t only credit card fraud – the last couple of holidays have seen a major nation-state hack: think DPRK doxing Sony and Russia turning off the power in Ukraine.


  2. Triton Malware – We have seen a pernicious form of malware announce itself. Triton – which was discovered by FireEye – appears to target certain industrial control systems manufactured by Schneider Electric. Reports indicate the malware targeted operational systems in the Middle East oil and gas industries, but these products are used in other heavy industries and manufacturing processes.

The malware looks to cause havoc by enabling a coordinated manipulation of automated safety systems and the human-machine interfaces that allow operators to monitor industrial operations. An attacker could turn off the safety failures and emergency shutdown process before manipulating an operator’s view, prompting the employee to send damaging commands to the systems. Or the attacker could perform a “denial-of-view” attack – giving operators a sense that everything is all right – while simultaneously launching a separate attack on the functioning of the plant.

This is also a good reminder of the power of information sharing. Getting details of this malware to manufacturers and operators helps drive awareness and create actionable mitigations.

As a reminder, this is the public version of the Hacking Healthcare blog. For additional in-depth analysis and opinion, become a member of H-ISAC.

Read full blog below: