Forescout Research – Vedere Labs published its Global Threat Roundup Report for 2023 which included key findings related to OT/ICS infrastructure. Most notable were several OT protocols, of which five were listed as constant targets and made up 98% of OT-related attacks. These five include Modbus, Ethernet/IP, Step7, DNP3, and IEC10X.

While the energy sector was the most targeted, most of the attacks were directed at industrial automation protocols, like Modbus, which are widely used in various critical infrastructure sectors and made up an entire third of all OT-related incidents last year. Most of this activity includes scanning and enumeration attempts which are difficult to mitigate against. Also of note are the successful attacks against building automation systems, web applications, remote management protocols, and post-exploitation actions focused on persistence, discovery and execution.

Overall, Forescout’s most important takeaway is that the traditional cyber hygiene practices must address every asset on the network, prioritizing the most critical attack surface based on up-to-date threat and business intelligence. For OT environments, Forescout emphasizes the importance of monitoring traffic to and from OT devices and that nowadays that is as critical as monitoring IT traffic. With attackers constantly probing OT assets for weaknesses, many organizations remain blind due to lack of visibility into their OT infrastructure.* For more details, access Forescout or Industrial Cyber, and consider MITRE ATT&CK® for ICS for potential mitigation steps against scanning and enumeration activity.

*U.S.-based water and wastewater utilities with less than $100M in annual revenue are encouraged to check out the Dragos Community Defense Platform (CDP) and OT-CERT for free resources to enhance your OT/ICS cyber defense posture. Interested parties can view the recording and access the slides from yesterday’s WaterISAC Cyber Resilience Briefing for January 2024, to find out more.