The scenario described in this chapter is considered a targeted attack or, depending on the circumstances, an Advanced Persistent Threat (APT). These kinds of attacks take a skilled and highly motivated group or individual to pull off successfully. Targeted attacks such as these are relatively rare. More often, a network will be breached because of a large malware campaign, a (spear) phishing attack, a drive-by malware download, or malicious code introduced into the environment by means of an infected thumb drive or laptop. Once the network is breached, the attacker may stumble upon the ICS network hiding in subnets of the breached network and decide to cause havoc, ignore it, or sell the illicitly obtained access on the dark web, at which point a more targeted attacker can buy themselves an easy way in.
The malware installed by drive-by download attacks or a malware phishing campaign can vary from adware, spyware, and Trojans to the more terrifying specimens...