Adversaries Living off the ICS/OT Land and How to Detect Them

“Living off the land” is a phrase adopted to describe adversary behavior of using built-in system tools in an attempt to blend in or hide in plain sight with expected system/network activity. The practice typically involves IT-based tools and tactics, but industrial cybersecurity firm Dragos reviews the relevance or living off the land for ICS/OT environments. Even advanced ICS-focused (and skilled) threat groups use IT-based system tools such as PowerShell to gain initial access before traversing ineffective network segmentation to compromise ICS/OT networks. Dragos highlights some often overlooked defense strategies to defeat attackers, including baselining legitimate ICS protocols and setting alerts to trigger on abnormal deviations for further investigation. Read more at Dragos