In this week's Risk & Repeat podcast, SearchSecurity editors discuss dangers to critical infrastructure in the wake of a new report on the threat actors behind the Trisis malware.
There are only a handful of threat groups capable of attacking industrial control systems and critical infrastructure, but the newest group could heighten concerns about ICS threats.
Dragos Inc., which specializes in ICS security, last week published new research on an advanced persistent threat group it calls Xenotime, which Dragos believes is behind the Trisis malware campaign that struck a Saudi Arabian energy company. The research indicates that Xenotime, which Dragos calls "easily the most dangerous threat activity publicly known" for ICS threats, is targeting organizations beyond the Middle East and planning to cause a disruptive or destructive event.
Dragos and its CEO Robert M. Lee have generally taken a restrained and cautious approach to ICS threats instead of exaggerating or overstating the risks to the U.S. power grid. However, the company is clearly concerned about the Xenotime threat group and its ability to wreak havoc on critical infrastructure.
Should the Dragos report change how we view ICS threats? How much danger does Xenotime pose to the U.S. power grid? Is attribution important for these types of threat groups? SearchSecurity editors Rob Wright and Peter Loshin are joined by Associate Site Editor Maddie Bacon to discuss those questions and more in this episode of the Risk & Repeat podcast.