TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Black Hills InfoSec

ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches

BHIS · 2024-12-05

ATT&CK techniques detected

3 predictions
T1091 Replication Through Removable Media
74%
“Checks should be performed to ensure that software/code was not tampered with. Infected authorized vendor laptop: - Acceptable use policy where vendor laptop may be used and what they can access from the external non-ICS device. Much like the dirty USB mitigations, new devic…”
T1091 Replication Through Removable Media
41%
“to be accessible, a push of this historical data to a non-ICS repository. - Ensure that there is no return path from the isolated historian to the ICS environment. - ICS should never be related to or accessible from a hostile environment, i.e. open corp business networks. Leve…”
T1071.001 Web Protocols
36%
“an additional boundary device. IT compromised with shared domain trust: - Domain trust boundaries need to be carefully evaluated. - Trust levels in ICS need to be at the highest level, i.e. trust level in the ICS should be greater than corp or other ephemeral environments. Hostile …”

Summary

This post references the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We review the ICS-focused Initial Compromise cards used to simulate a cyber incident and suggest potential mitigations for each scenario presented.

The post ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches appeared first on Black Hills Information Security, Inc.