Intel Assessment

May 2023

IT and OT Based Threats to ICS Operations

Sector: Energy, Utilities, Transportation

Reading time: 20 min

Audience Role: CISO, Threat Analyst

The aim of this report is to present the current state of capabilities used to disrupt Industrial Control Systems (ICS) operations in the critical infrastructure sector.

Disruption through ICS-specific capability requires advanced malware development resources; however, the example of code reuse in COSMICENERGY malware indicates that such capabilities will proliferate among less experienced actors.

We assess with moderate confidence that it is likely that the number of ICS-specific malware families will increase, and that more state-sponsored activity groups will gain access to them.

Attacks that are more likely to proliferate are those causing direct disruption by turning off systems or causing the process to fall into an unsafe state.