Enhancing Industrial Cybersecurity: Insights from Analyzing Threat Groups and Strategies in Operational Technology Environments

Abstract

In recent years, concepts and components of Information Technology (IT) have made their way into the shop floor, today better known as Operational Technology (OT). The increasing interconnection and convergence of IT and OT have exposed industrial infrastructures to cyber attacks. In addition, they have become vulnerable to Advanced Persistent Threats (APTs). This article examines real-world incidents, looking at the complex landscape of threat groups targeting OT environments and the Tactic, Technique, and Procedures (TTPs) employed by these threat groups. Consequently, it highlights the need for increased vigilance in protecting OT environments, which can be done by using a variety of open-source threat intelligence platforms and databases, including ThaiCERT, Malpedia, MITRE ATT&CK, and ICS-CERT. We aim to provide relevant stakeholders (manufacturers, asset owners and system integrators), including Chief Information Security Officers (CISOs), with information on emerging threat groups, attack victims and their locations, the origins of attacks, the tools and types of tools used, and the motivations behind these attacks. This understanding is crucial to improving defensive strategies based on relevant standards and frameworks and protecting OT environments against evolving cyber threats.