Social engineering attacks are a growing threat to operational technology (OT) environments, Industrial Cyber reports.
Cyberattacks against these environments can be particularly damaging since they have the potential to cause physical disruptions.
“With the expanding IT/OT footprint, the attack surface is increasingly providing attackers additional opportunities to compromise targets by stealing credentials, impersonating trusted insiders, and moving laterally from one system to another inside the network,” Industrial Cyber says. “AI-driven phishing, voice cloning, and deepfake-enabled pretexting are lowering the barrier to entry, enabling cyber adversaries to deploy powerful tools that have the potential to erode the reliability of human judgment across critical infrastructure installations.”
Paul Smith, Honeywell’s director of operational technology cybersecurity engineering, warned of phishing campaigns targeting disgruntled employees after reduction-in-force (RIF) moves.
“An interesting tactic that I have seen would be internal post-RIF announcements, a spoofed HR email sending out anonymous employee feedback surveys,” Smith told Industrial Cyber. “This exploits the vulnerable nature of the disgruntled employee who wants to be heard. Implementing email security gateways and AI threat detection to filter out email spoofing, lookalike domains, and malicious attachments would be a tooling recommendation. Security awareness training is still paramount, as we are the last line of defense to mitigating ‘click compromises.’”
Marco Pereira, global head of cybersecurity, cloud infrastructure services at Capgemini, added that generative AI is making it easier for attackers to craft targeted, convincing phishing messages.
“Threat actors are increasingly leveraging AI and generative AI to supercharge social engineering campaigns,” Pereira told the publication. “By analysing vast amounts of publicly available data, such as social media posts, blogs, and YouTube content, they can craft highly personalized and convincing spear phishing messages. These tools also enable the creation of realistic voice and video deepfakes, making impersonation attacks more credible and harder to detect.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Industrial Cyber has the story.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!
