IT meets OT.
In modern asset-based businesses, data is key to making smart, real-time decisions and creating a foundation for the innovative new products and services that will allow you to better serve customers in the future. As a result, Information Technology (IT) and Operational Technology (OT) systems must be converged to truly enable data-driven businesses.
This direction of travel directly challenges the traditional ‘Air Gap’ security models that have existed between IT and OT systems for decades. Not only does the air-gap approach hinder the required flow of telemetry data between sensory networks, data lakes and machine learning environments, but as a trusted construct it also introduces new and unknown risks from insider threats.
This presentation provides an example of the types of threats targeting such environments, together with examples of how they are delivered, how they spread through compromised networks, and how they perform their actions on objectives against their targets. Building upon the information and indicators shared by US-CERT in its TA18-074A alert, Unit 42 shares insights into how this attack operated.