For the past several months, DarkOwl analysts have been monitoring and documenting activity on the darknet that could threaten Industrial Control Systems (ICS) and their adjacent Operational Technologies (OT). These two critical systems govern most everything societies rely on in the modern age. Critical infrastructure such as manufacturing facilities, water treatment plants, mass transportation, electrical grids, and gas and oil refineries all rely on some aspect of ICS/OT incorporated in their industrial processes.
In doing so, DarkOwl’s analysts found a significant number of instances in which attacks or attack vectors that could directly affect these critical industries were being actively discussed or circulated on the darknet. The research will be published in an upcoming whitepaper, Industrial Control Systems (ICS) & Operational Technology (OT) Threats on the Darknet.
The full extent of this research will be published Tuesday, September 13 and will cover how critical infrastructure is being targeted on the digital underground.
In recent years, especially in the world of ransomware and extortion-as-a-service crime, which is highly prevalent on the darknet, the information security community and major security operations centers have focused on securing sensitive organizational ‘data’ and intellectual property. Their efforts have centered on mitigating network attacks and remediating the effects of one leak after another emerging on the darknet and across underground criminal communities.
ICS/OT security involves protecting the critical ‘processes’ needed in critical infrastructure and manufacturing facilities and is less concerned with data loss. The effects of ICS/OT attacks, especially those that target unencrypted serial communication protocols, do not manifest as simple domain network and email connectivity issues. A successful ICS/OT attack transcends the cyber realm and can result in the physical destruction of devices, kinetic explosions, and even the potential loss of human life.
In this darknet research investigation, the analysts at DarkOwl review the threats discussed and circulated on the darknet related to ICS/OT and exploits designed to compromise Supervisory Control And Data Acquisition (SCADA) panels. The research highlights initial points of compromise and data brokers in unauthorized network access, the reconnaissance utilities employed by threat actors to surface critical infrastructure system vulnerabilities, and the real dangers presented by the industry’s reliance on insecure IEC protocols.