Insights Into Foreign SCADA Bots Probing US OT Assets

P. Trainor
Nozomi Networks,
United States

Keywords: ICS, industrial control systems, SCADA, ransomware, operational technology


Foreign hackers and state intelligence agencies use automated bots to enumerate industrial control system (ICS) assets within the United States for the purpose of ransoming those assets, conducting espionage, and/or waging cyber warfare. By collecting a large amount of data on the origin of these bots and on their attack and information-collecting techniques, we can better protect critical industrial resources from foreign attack. As a result, our critical infrastructure is under constant network attack by foreign actors tasked with infiltration. Bots are a common tool used to interrogate the entirety of the US IP address space, looking for operational technology (OT) systems unknowingly exposed on the internet. This presentation will delve into the activities of these foreign-based bots and examine the real data derived from their attack campaigns. Attendees will leave with a better understanding of how foreign actors use bots in their pursuit of hacking US-based industrial control systems.