OT Attacks and Countermeasures

00:00

mine.

00:00

Hey, everyone, welcome back to the course in this video. We're gonna talk about some of the OT attacks and counter measures. Specifically, we'll talk about some of the OT attacks. Also, talk about the OT hacking methodology because depending on what we're attacking, it will differ from your traditional hacking methodology that you'll find on certification exams like the EEC Council, C E H.

00:20

And then we also talk about some countermeasures as well.

00:22

Well,

00:23

so what are the different types of ot attacks? Weaken Do well, number one being physical attacks. If we go into that power plant, for example, and mess stuff up or set off a bomb or just destroy stuff with a hammer were that's a physical attack, right? We can go in and actually physically attack

00:38

the environment. We've got wireless attacks. So doing attacks through things like wireless networks in protocols like zig B social engineering, USB attacks, malware, a lot of these air common tax across a lot of I t environments as well, right?

00:54

We've got a tax on the supply chain,

00:57

even zero day attacks, right? So if we're doing some fuzzing with something like peach, for example, we might be able to find some zero day attacks that we could do,

01:03

uh, insider threats that might actually be a big one, depending on what we're talking about in the O. T n I. C s realm as well as things like man in the middle attacks.

01:15

So let's talk about the ot hacking methodologies. So two different ways to approach this right

01:19

number one being if we're If we're looking at a live production I. C s network,

01:26

it's very unlikely we're actually going to do a pen test on that. Typically, speaking

01:30

in the ideal world will perform that the actual testing on something like the development network that closely mimics that production network. Because if we do something as simple as run like an end maps can that may

01:44

break a process, they may shut something down in the facility. They may actually cost human life depending on what gets shut down. So that's why we typically speaking. And this is something important. If you do take, they take the ch exam to watch out for specifically, if were. If the question is around testing a

02:04

production I C s network,

02:06

you're not gonna wanna do a traditional, um, pen test on that. You'll just wanna look at it from a rich standpoint in, ideally, you want to run it on a development network. Now,

02:15

if we're starting, so we would start with something just like re kon on that development network. So, um, you know, using, like, Google Hacking database multi go showdown the Discover scripts tool, which is very handy. Tool you can grab off, get hub.

02:30

Um, And then if we're gonna do like external testing, right, That's where we go into that more traditional type of pen test methodology where we do our foot printing our reconnaissance, we then do. Our enumeration are scanning and enumeration. We do our vulnerability kind of mapping, and we figure out okay, these are the vulnerabilities,

02:49

and then we exploit those vulnerabilities. We try to get in,

02:52

and maybe we write some zero days, and then we go through, we get access, and then we maintain that access. And that's your more traditional approach where we're going from an outside approach, attacking the I T network and then trying toe pivot off that to get into the the I. C. S network.

03:08

So what are some of the counter measures that we can do against OT attacks. One of the biggest ones is getting visibility. A swell is getting things in place, like identity access management, right. Making sure we got role based access control, multi factor authentication, things like single sign on.

03:24

So just making sure that we're lacking that down as much as possible

03:29

as I mentioned visibility, right. So what assets do we actually have? Classifying those? What are the priority assets that we need to make sure we absolutely protect across our network using segmentation. So making sure that we separate that I, t and, uh, and I CS networks

03:45

on bats described in things like I say 62 443

03:50

analyzing our traffic for threats. So using things like next generation firewalls or SIM solutions

03:57

a zwelling as securing our wired and wireless access to our network so we could do something like a next gen firewall for centralized security management.

04:06

So just a quick, quick question here. The pen testing methodologies the same when performing pen test on I t networks and OT networks. So is that true or false?

04:15

All right. You should remember. Remember that one I kinda emphasized it quite a bit. The answer is gonna be false, right? They're not the same again. If we're gonna be testing on O. T. R. I. C s network, we wanna make sure that we're using a secondary network. So the developer one or a test one that closely mimics that production one. But we definitely if wherever possible, we don't want to do any testing on the actual

04:35

production network

04:36

now.