Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

OT environments increasingly in crosshairs

(Smart Connected Systems Division, NIST)

By Dragos

Adversaries moved beyond prepositioning to actively mapping control loops, understanding how to manipulate physical processes. Three new threat groups emerged, established groups expanded globally and ransomware caused significant operational disruptions. Yet only a small number of OT networks have the visibility to detect these threats before operational impact occurs.

Threat groups are gaining access to industrial environments and positioning for operational impact, but in most cases compromise becomes visible only after something in the process behaves abnormally. Many organizations lack the visibility to detect reconnaissance, lateral movement and data exfiltration before adversaries achieve their objectives, revealing a fundamental gap across OT networks worldwide.

Adversaries targeting OT are progressing through the ICS Cyber Kill Chain at different speeds. While some focus on initial access, others have reached Stage 2. These threat groups conduct reconnaissance, development and testing activities inside OT environments to understand control loops and position for future manipulation of industrial processes.

Read more at Dragos

Click to listen highlighted text!