In today’s cyberthreat landscape, threat actors are drawn to organizations that operate within critical infrastructure (CI) sectors, such as oil and gas, financial services, telecommunications, mass transportation, public healthcare, etc. When targeting legacy control systems operating within a critical infrastructure sector, threat actors often settle for the lowest hanging fruit, typically people with elevated access privileges to targeted systems and data. For example, an attacker can gain back door entry into an otherwise secure network by acquiring direct access from an insider (current or former employees) connected to a target organization.
By compromising organizations within critical infrastructure sectors, threat actors, such as ransomware groups, are assured of hefty ransom payouts because of the impact of their exploit. Furthermore, when attackers remotely access, control, and command a targeted system, they can cause significant disturbance to critical processes that otherwise benefit ordinary people and entire governments. Therefore, cyberattacks on a critical infrastructure could lead to operational disruption and total system shutdown.
Traditionally, control…
