Attacking Operational Technology Without Specialized Knowledge: The Unspecialized OT Threat Actor Profile

Bibliographic Details
Published in 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) pp. 146 - 159
Main Authors Kempinski, Stash; Sciancalepore, Savio; Zambon, Emmanuele; Allodi, Luca
Format Conference Proceeding
Language English
Published IEEE 08.07.2024
Summary: Due to the unique characteristics of Operational Technology (OT), i.e., technology centered around cyber-physical activities, performing OT-related cyber-attacks is traditionally thought to require both specialized- and generic IT-related knowledge. However, in recent years, the need for specialized knowledge decreased, and OT-related cyber-attacks became increasingly easier to perform. In this paper, we profile a new threat actor, referred to as the unspecialized OT attacker, who performs targeted, OT-related cyber-attacks with at most basic generic knowledge. We show the relevance of this threat actor by identifying past OT-related cyber-attacks that match this threat actor profile's capabilities; we do so by mapping the types of tools used during these cyber-attacks and the knowledge required to use them. To further substantiate our analysis, we investigate readily-available tools that can assist threat actors in performing OT-related cyber-attacks. The combination of our findings highlights the present-day lowered entry level requirements to attack OT environments while limiting the scope of current assumptions.
ISSN:2768-0657
DOI:10.1109/EuroSPW61312.2024.00021