notesum.ai

Published at December 6

On Process Awareness in Detecting Multi-stage Cyberattacks in Smart Grids

cs.CR

Released Date: December 6, 2024

Authors: Omer Sen¹, Yanico Aust, Simon Glomb, Andreas Ulbig

Aff.: ¹Digital Energy, Fraunhofer FIT, Aachen, Germany

Arxiv: http://arxiv.org/pdf/2412.04902v1

Refer to caption

Phase	IT Attacks	OT Attacks
Initial Access	Phishing, System exploits	Physical, Workstation exploits
Execution	Malware, Scripting	Through HMIs, Field devices
Persistence	Account, Registry keys	Firmware, Device replacement
Privilege Esc.	Exploits, Rootkits	Bypass security controls
Defense Evasion	Obfuscation, Log deletion	Logic tampering, State changes
Credential Access	Credential dumping, Sniffing	Credential compromise in controllers
Discovery	Service scanning, System discovery	Sniffing, ICS network scanning
Lateral Movement	Pass the Hash, Pivoting	Interconnected system compromise
Collection	Local and network data	Process system, Historian data
C2	Port use, Encryption	Server comms, Tunneling
Exfiltration	Compression, Scheduled transfer	Over C2 channels, Replication
Impact	Data destruction, Disruption	Process manipulation, Sabotage