ICS/OT cybersecurity
Attack Simulation
What we will cover
In this presentation we'll cover:
- Common initial attack vectors and threats facing ICS/OT networks in 2025
- Practical steps for defending ICS/OT networks
- Attack simulation in a controlled environment
- Questions, comments, and discussions
Top 5 Initial Attack Vectors in 2025
External Remote Services (MITRE ATT&CK T0822): Adversaries leverage legitimate remote access tools given to contractors and vendors, often through weak, stolen, or compromised passwords and accounts.
Internet Accessible Devices (MITRE ATT&CK T0883): Devices are exposed to the internet, unintentionally or intentionally, without adequate protections.
Spearphishing Attachment (MITRE ATT&CK T0865): Adversaries leverage email to send targeted messages with malicious attachments or embedded links.
Drive-by Compromise (MITRE ATT&CK T0817): Adversaries may gain access to a system when a user visits a compromised website as part of a regular browsing session.
Transient Cyber Asset (MITRE ATT&CK T0864): Adversaries may target devices that move between ICS networks and external networks.
Top 5 Current Malware Trends
XWorm (Remote Access Trojan): Sold as malware-as-a-service. Primarily delivered through phishing and spear-phishing emails.
Tycoon 2FA (Phishing-as-a-Service): Designed to bypass multi-factor authentication (MFA) protections, particularly targeting Microsoft 365 and Gmail accounts.
EvilProxy (Phishing-as-a-Service): Designed to bypass multi-factor authentication (MFA) and hijack user sessions.
Quasar RAT (Remote Access Trojan): One of the most popular open-source remote access trojans in the world. Primarily delivered through phishing and spear-phishing emails.
Lumma (Info Stealer): Sold as malware-as-a-service. Primarily delivered through phishing and spear-phishing emails.
Practical Steps for Defending ICS/OT Networks:
- Physically or logically separate the ICS/OT network from the standard enterprise network.
- Restrict the ICS/OT environment from accessing the internet.
- Build and maintain a secure and up-to-date asset inventory of all ICS/OT devices.
- Restrict the use of transient devices within your production environment.
- Enforce minimum password policies and require 2FA (where applicable) for VPN and remote access software.
What to Keep in Mind
Memorize the following statement:
Fit-for-PURPOSE, NOT fit-for-MARKETING
Attack Simulation
What does an ICS/OT attack look like? Can it actually impact a critical process?
ICS/OT Presentation
Brandon Tarr
Created on September 30, 2025
Just a basic presentation.