Day 1

Attacking OT Without Specialized Knowledge: a New Threat

14:00 - 14:25

Due to the unique characteristics of Operational Technology (OT), i.e., technology centered around cyber-physical activities, performing OT-related cyber-attacks is traditionally thought to require both specialized knowledge and generic IT-related knowledge. However, in recent years, the need for specialized knowledge has decreased, and OT-related cyber-attacks have become increasingly easy to perform.

During this presentation, I profile a new threat actor, who performs targeted, OT-related cyber-attacks with at most basic generic knowledge. I show the relevance of this threat actor by identifying past OT-related cyber-attacks that match this threat actor profile’s capabilities; I do so by mapping the types of tools used during these cyber-attacks and the knowledge required to use them.

To further substantiate this analysis, I present the results of an investigation into readily available tools that can assist threat actors in performing OT-related cyber-attacks today. The combination of findings highlights the present-day lowered entry-level requirements to attack OT environments while limiting the scope of current assumptions, and highlights important, but less explored, directions of OT-related cybersecurity research.

Speakers in this session

Stash Kempinski