
Defeating a jump host with two-factor authentication. Attackers use spear-phishing and custom malware attachments to target technicians authorized to log into a jump host. A technician activates their VPN and logs in using two-factor authentication. This activates the malware, giving attackers contr

Cell phone supply chain attack - attackers write a free cell-phone app. When cell phones with the app are carried into industrial control system sites, the app scans for WiFi access points and reports the details over the Internet. Attackers then use phishing to extract the passwords for these networks a

Attackers write their own RAT malware and deploy it on the IT network of a services company known to service the real target. The attackers compromise the laptops of personnel who routinely visit the real target and gain a foothold on the real target’s IT network, ultimately propagating to the ICS netw

An organized crime group develops a history of routine speculation on futures markets for gasoline. Then they damage equipment at a refinery by exploiting known vulnerabilities in internet-facing IT equipment. This cripples supply, makes prices spike, and the attackers profit from their speculation.

Nation-state attackers use more sophisticated tools such as the BlackEnergy trojan to ultimately take over equipment on the ICS network and disable protective relays. The attack group then sends control commands to very quickly connect and disconnect power flows to parts of the grid, destroying larg

An attack group similar to the “Shadow Brokers” steals a list of zero days from a nation-state adversary and sells the list to an organized crime group. That group creates autonomous ransomware that jumps through firewalls via encrypted connections to file shares, causing an emergency shutdown a