Last year represented a defining year in ICS security: Two major and unique ICS-disruptive attackers were revealed; five distinct activity groups targeting ICS networks were identified; and several large-scale IT infection events with ICS implications occurred.
While this represents a significant increase in ‘known’ ICS activity, Dragos assesses we are only scratching the surface of ICS-focused threats. 2017 may therefore represent a breakthrough moment, as opposed to a high-water mark – with more activity to be expected in 2018 and beyond.
While our visibility and efforts at hunting are increasing, we recognize that the adversaries continue to grow in number and sophistication.
By identifying and focusing on adversary techniques – especially those which will be required in any intrusion event – ICS defenders can achieve an advantageous position with respect to identifying and monitoring future attacks. This report seeks not just to inform ICS defenders and asset owners about known attacks, but to provide an overview of how an adversary must and will operate in this environment moving forward. By adopting a threat-centric defensive approach, defenders can mitigate not just the adversaries currently known, but future malicious actors as well.