This article has been indexed from Threat Research
Attacks on control processes supported by operational technology (OT)
are often perceived as necessarily complex. This is because disrupting
or modifying a control process to cause a predictable effect is often
quite difficult and can require a lot of time and resources. However,
Mandiant Threat Intelligence has observed simpler attacks, where
actors with varying levels of skill and resources use common IT tools
and techniques to gain access to and interact with exposed OT systems.
The activity is typically not sophisticated and is normally not
targeted against specific organizations. Rather, the compromises
appear to be driven by threat actors who are motivated to achieve
ideological, egotistical, or financial objectives by taking advantage
of an ample supply of internet-connected OT systems. As the actors are
not interested in causing specific physical outcomes, they target
whatever is available on the internet.
Mandiant has observed an increase in compromises of
internet-accessible OT assets over the past several years. In this
blog post we discuss previously undisclosed compromises and place them
in context alongside publicly known incidents. Although none of these
incidents have appeared to significantly impact the physical world,
their increasing frequency and relative severity call for analysis of
their possible risks and implications.
Compromises of Internet-Exposed OT Are Increasing in Frequency
While Mandiant has monitored threat actors claiming to share or sell
access to internet-exposed OT systems since at least 2012, we have
seen a significant increase in the frequency and relative severity of
incidents in the past few years. The most common activity we observe
involves actors trying to make money off exposed OT systems, but we
also see actors simply sharing knowledge and expertise. More recently,
we have observed more low-sophistication threat activity leveraging
broadly known tactics, techniques, and procedures (TTPs) and
commodity tools to a
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
Read the original article: Crimes of Opportunity: Increasing Frequency of Low Sophistication
Operational Technology Compromises