Cyber threats to operational technology (OT) systems loom constantly. These threats come from trained professionals and well-funded threat groups, but that is not the case in the latest trend of unsophisticated, low-level, and simple attacks attempted by hackers for financial gain.
These unsophisticated attacks target industrial systems connected to the internet, with an arsenal of known techniques, tactics, and procedures. The threat actors are motivated to achieve financial, ideological, and egotistical objectives by compromising internet-accessible industrial control systems and OT assets. An increase in the frequency of these simple attacks has been noted this year, although these activities have been recorded for many years.
Widely known commodity tools and tactics, techniques, and procedures (TTPs) are being used to interact with, access, or gather information from these online systems. One consistent trend in these low-sophistication attacks is the exploitation of unsecured remotely accessible services. For instance, actors use virtual network computing (VNC) connections to access the victim control system remotely.
Since graphical user interfaces (GUIs) and human-machine interfaces (HMIs) present a user-friendly view of highly complex industrial processes, they become an easy target for actors, who can modify control variables without extensive knowledge of the processes and systems. Images of IP addresses, GUIs, and system timestamps of compromised control processes have been shown by the actors in these latest attacks.
Pro-Palestine/anti-Israel hacktivist groups have shared evidence of a successful attack via social media. The group claimed that they had compromised OT assets in Israel, including the webserver of a datalogger and solar energy assets used for different applications like dam surveillance and mining exploration.
In other cases, threat actors have shared screenshots of “allegedly successful” attacks on a German-language rail control system that later proved to be a command station designed for model trains.