“The joint advisory issued by the US Government about advanced tools being used to target Industrial Control Systems and Operational Technology environments is concerning. If attackers are successful, the consequences of such intrusions are vast and can be potentially devastating. When your adversary is using advanced tools to potentially disrupt your system, organizations must have the people, processes and technology in place beforehand to harden their environments and detect any malicious activity.
“The actors are apparently capable of directly interacting with and manipulating the OT devices referenced in the advisory, so it is imperative that asset owners and operators are continuously monitoring for any malicious communications to these devices, as well as monitoring in real time for any changes to the configuration or logic inside the devices.
“The advisory states that actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions. Asset owners and operators should have systems in place to monitor for credential abuse and/or discover accounts that are not adhering to the principle of least privilege.”

Marty Edwards, VP for OT Security, Tenable