471 Reports, 167 Threat Groups, One Alarming Pattern: Attackers are "pre-positioning" themselves in our critical infrastructure networks. What do they want, and what can we do to find them?
The data showing 49% of threat reports targeting ICS/SCADA systems is genuinely alarming. The shift from espionage to pre-positioning for physical disruption represents a qualitative change in the threat landscape. The Volt Typhoon five-year persistence example really underscores why behavioral anomaly detection is so critical now; you can't just rely on perimeter defenses anymore.
Admittedly, our intel agents skew a bit toward critical infrastructure. But still, I was shocked at the number of reports showing ICS/SCADA targeting, especially because it meant that type of activity was far more prevalent than the financial actors/attacks that we generally see. Thanks for the great comment!
Thanks for your note, I responded above. It's truly alarming.