Inexperienced hackers, motivated mainly by financial gain, have begun to actively attack Internet-connected operational technology (OT) systems.
The media regularly reports on attacks on process control systems that cause production interruptions. Typically, professional, well-funded hackers are behind these attacks. Although in most cases OT systems (in particular those used in critical processes) are not connected to the open Internet, many industrial systems are connected to the Web, and it is these connected systems that have come into the sights of inexperienced hackers with limited resources.
“Most often, we see that attackers are trying to make money on unprotected OT systems, but we also see how they simply exchange knowledge and experience. Recently, we have seen less professional malicious activity using well-known tactics, techniques and procedures (TTP) and the tools available to access, interact and gather information from resources available on the Internet – trends that were rarely seen before,” said researchers from FireEye’s Mandiant unit in its new report.
Since the beginning of 2020, experts have been recording what they say is “malicious activity of low complexity” aimed at a wide range of systems, including systems for generating solar energy, water control, building automation, as well as home security systems.
In some cases, hackers offer guidance on how to hack OT systems or exchange IP addresses that are supposedly related to industrial control systems (ICS), while in others they gain access (or at least claim to) to the ICS themselves and even interact with them.
While in many cases such activity is opportunistic, sometimes the hackers are politically motivated. For example, hacktivist groups often use anti-Israeli / pro-Palestinian rhetoric on social media and post evidence that they have managed to hack into Israeli OT systems.
Sometimes the hackers' loud statements only demonstrate their poor understanding of how OT systems work. For example, in one case, the attackers claimed that they had managed to hack the railway control system in Germany, but in fact they simply compromised the web interface of the training train.
Be that as it may, the researchers warn, even hacks carried out by inexperienced hackers are still a threat, since they can cause disruptions in physical processes. The number of such attacks is growing, which means that the risk of disrupting industrial processes is also increasing.