We talk a lot about protecting against threats at BlastWave, but it occurred to me the other day that we haven’t discussed the source of these threats. Understanding your enemy is critical in defense, and knowing who is most likely to come after you is important. My military background made me think of the famous Sun Tzu quote:
For this blog, I will focus on four types of threat actors and their potential motivations for attacking your OT network. All of them are a threat to your network, but certain types of critical infrastructure are more at risk from one threat actor type because of motivations that will become obvious as you read through the blog. I will skip insider threats, because their motivations are highly dependent on circumstances and much harder to protect against.
Nation-state actors are the most dangerous threat actor type because they are generally the most capable and patient. Their primary motivation is to further the geopolitical aims of their nation and gain information (i.e., espionage) on their enemies (and often their allies, too). Nation-state actors employ sophisticated tools and AI (as this blog explores). They have extensive libraries of zero-day vulnerabilities and advanced persistent threat (APT) tools that they use against their targets. Nation-state actors are probably probing your network if your government considers your OT network critical infrastructure.
Cybercriminals are coming after you if your OT network generates money directly (manufacturing, oil and gas, etc.). They are in it to make money and favor malware, ransomware, phishing, and data breaches. This might be one skilled hacker or a group that has banded together to increase their overall capabilities. AI is expected to improve their effectiveness, especially with phishing, and to help them identify vulnerable systems for ransomware and malware through reconnaissance.
Hacktivists are the idealists in the threat actor gallery. Their motivation is that your network is serving the purpose of evil (or maybe something less extreme). If they hate nuclear power and you run a nuclear power plant, then they are probably going to come after you. Some hacktivists are very talented and operate at the level of cybercriminals or even nation-state actors. They are generally trying to take down your network with DDoS attacks, deface your website, or leak sensitive information about your operation. OT networks are not usually their target, but some hacktivists are more activist than others, so it is not out of the question that this type of threat actor might target your OT network.
We all grew up with this hacker: WarGames, Hackers, and the other movies that created a generation of hackers (check out my blog on this topic). Traditionally, this type of hacker was not a threat to OT networks. However, with a huge boost provided by GenAI, this hacker group can suddenly be very dangerous to OT networks. Whereas they might previously have just downloaded the latest tools they found online, now they can use no-code GenAI or custom GPTs like WormGPT and FraudGPT to dynamically create phishing or hacking tools. They are generally in it because they can, and damage from this hacker is often accidental, but in the OT world that can still be destructive and damaging to critical services. Some other threat actors started in this category, then learned their craft and graduated to hacktivist or criminal, so it can be just a phase in the evolution of a hacker.
This might not be something OT network managers think about, but it is worth spending a little time learning about the people you are protecting your network against. Each OT network type may need to put more effort into a specific defense (against phishing, for example) if its most likely attacker prefers that initial attack vector.
If you are interested in learning more about this topic and how AI is helping these threat actors, register for our webinar here: https://www.linkedin.com/events/7167962877411246080/
Experience the simplicity of BlastShield to secure your OT network and legacy infrastructure.