Security News > 2021 > May > OT Systems Increasingly Targeted by Unsophisticated Hackers: Mandiant
Unsophisticated threat actors - in many cases motivated by financial gain - have increasingly targeted internet-exposed operational technology systems, according to research conducted by Mandiant, FireEye's threat intelligence and incident response unit.
While in many cases OT systems - particularly ones used for critical processes - are not exposed to the internet, many industrial systems are connected to the internet and these connected systems have been increasingly targeted by hackers who are in most cases not sophisticated and don't have many resources.
Since the beginning of 2020, Mandiant says it has observed what it described as "Low sophistication threat activity" targeting a wide range of systems, including solar energy, water control, building automation, and home security systems.
In some cases, the hackers offered tutorials for compromising OT systems or shared IP addresses allegedly associated with ICS, but in others they gained access - or at least claimed to do so - to actual control systems and apparently even interacted with them.
Unsophisticated threat actors often leverage unprotected remote access services such as VNC connections to gain access to such systems, and in many cases they target human-machine interfaces, which are described as low-hanging fruit in OT attacks as they can offer a simple representation of complex industrial processes.
The claims of some of these hackers demonstrate a limited understanding of OT systems.