OT Compromises – AEIOU (Actors Exploiting Infrastructure Often Unsophisticated)

A recent threat research post by Mandiant Threat Intelligence highlights the increasing frequency of OT compromises by low sophistication threat actors. The majority of these compromises occur due to insecure OT systems exposed to the internet. According to Mandiant’s report, the compromises appear to be driven by threat actors who are motivated to achieve ideological, egotistical, or financial objectives by taking advantage of an ample supply of internet-connected OT systems. As the actors are not interested in causing specific physical outcomes, they target whatever is available on the internet. The ample supply and indiscriminate targeting isn’t earth-shattering information, but is confirmation of known attack trends. Mandiant supports their findings with notes/timelines that include previously undisclosed compromises, including unauthorized access for at least two water control systems – one at a U.S. water and wastewater sector entity in January 2020 and another impacting an Israeli hospitality sector organization. Members are encouraged to review the post for more on low sophistication compromises, including why they remain a concern, and security best practices to reduce the risk. Check out the post at Fireeye.