The #OT #ICS threat environment is interesting as, aside from ransomware shit, the threats are latent, dormant, or in development. The evolution of #berserkbear, identification of #INCONTROLLER / #PIPEDREAM, continued #XENOTIME activity, identification of #PRC test labs for cyber physical capabilities... All indicate an environment under rapid development, but with fewer actual public examples than fingers on your hand. Circumstances make risk assessment (and cost forecasting) exceptionally difficult for asset owners... But the adversaries are out there, and as shown in #Industroyer2, they are learning. Claiming adversaries will never figure out a cyber physical attack and that the future threat landscape is over hyped seems unhelpful, or motivated by feelings less than altruistic.

Another bit of research I'm proud of, that I'm not sure if it ever gained any traction because of pandemic, was my 2021 #VirusBulletin #CTI research into #BerserkBear #Dragonfly #CrouchingYeti. I think taking a "long view" of persistent threat actors is extremely beneficial in seeing now just how they evolve over time, but how past campaigns are reflected in current operations.

You can find the paper here:
https://vblocalhost.com/uploads/VB2021-Slowik.pdf