MITRE ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, is a knowledge base of adversary tactics and techniques that helps inform the cybersecurity industry. MITRE recently released an ATT&CK knowledge base specifically designed for industrial control systems (ICS).
ICS are found in industries such as electric, water, wastewater, oil and natural gas, transportation, chemical, pharmaceutical, and various manufacturing sectors. These systems automate key processes that everyone relies on, and any compromise of their operation could impact human health and safety.
According to the MITRE ATT&CK documentation, adversary TTPs associated with ATT&CK for ICS fall under the following broad categories:
Remote System Discovery identifies the hosts present on a network, collecting details such as their IP addresses and hostnames, along with other identifying information that can be used to move laterally within the system. Remote system discovery allows adversaries to map out the hosts on the network and the TCP/IP ports that are open, closed, or filtered, in order to select future attack targets.
An example of this is the Backdoor.Oldrea ICS malware plugin. This plugin discovers all servers reachable from a compromised machine over the network, including OPC servers, by using the Windows Networking (WNet) API.
Recommended Mitigation Techniques:
Remote access has become a necessity for organizations operating ICS. Your time matters and your systems should work. Invest in a remote access system built from the ground up for industrial control networks, uniquely secured with moving target defense, with no compromises on security.