Living-off-the-land Techniques Unlikely to Supplant Energy Sector-Focused OT-Specific Malware
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Despite increased reports of energy sector-focused threat actors using living-off-the-land (LOTL) techniques, it is unlikely LOTL techniques will wholly supplant malware in energy sector operational technology (OT)-focused cyber operations. Threat actors leverage LOTL techniques to access energy sector networks, abstracting process information and maintaining persistence. Although threat actors using LOTL techniques have successfully interrupted energy sector industrial control environments, designed features of OT-specific malware likely increase the cyber-physical impact of an attack and delay recovery of critical functions and services. Malicious actors will very likely continue to use LOTL techniques for stealth, while designing malware to bolster final impacts on cyber-physical systems in energy sector OT environments.
- Research Organization: Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: AC07-05ID14517
- OSTI ID: 2440408
- Report Number(s): INL/RPT--24-80122-Rev000
- Country of Publication: United States
- Language: English