"A Brief History of ICS-Tailored Attacks"

According to Oleg Brodt, Chief Innovation Officer for Cyber at Ben-Gurion University of the Negev, Industrial Control System (ICS)-specific malware is relatively difficult to develop for malware authors. It takes more effort to attack ICS. ICS facilities are much more heterogenic than Information Technology (IT), requiring attackers to tailor their attacks to a specific target and gather intelligence on that site. The attacker must understand the targeted process. Malware authors are typically not experts in metallurgy, energy production, or water desalination, so they must collaborate with those who are knowledgeable in those areas to understand the underlying physical process if they want to manipulate it. Many safety systems are in place in ICS environments to prevent operators from making costly mistakes. These systems are also useful for containing cyberattacks, as they have safeguards against dangerous physical anomalies. Despite the difficulties in launching ICS-specific attacks, malware families have managed to impact ICS environments. Malware families, including Stuxnet, Havex, BlackEnergy2/3, Industroyer Crashoverride, and more, have specifically targeted ICS environments. This article continues to discuss seven ICS-centered malware families.

Dark Reading reports "A Brief History of ICS-Tailored Attacks"