{"id":44814,"date":"2022-01-15T00:00:00","date_gmt":"2022-01-15T00:00:00","guid":{"rendered":"urn:uuid:8350993f-338f-fc5b-4349-7bd805f7c04a"},"modified":"2022-01-15T00:00:00","modified_gmt":"2022-01-15T00:00:00","slug":"cybersecurity-for-industrial-control-systems-part-1","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/","title":{"rendered":"Cybersecurity for Industrial Control Systems: Part 1"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/Threats-Affecting-ICS-Endpoints.jpg\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <!-- Begin mPulse library --> <!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\" content=\"In this two-part series, we look into various cybersecurity threats that affected industrial control systems (ICS) endpoints.\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"malware,iot,ransomware,research,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2022-01-15\"> <meta property=\"article:tag\" content=\"ransomware\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/cybersecurity-industrial-control-systems-ics-part-1.html\"> <title>Cybersecurity for Industrial Control Systems: Part 1<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/cybersecurity-industrial-control-systems-ics-part-1.html\"><br \/>\n<meta property=\"og:title\" content=\"Cybersecurity for Industrial Control Systems: Part 1\"><br \/>\n<meta property=\"og:description\" content=\"In this two-part series, we look into various cybersecurity threats that affected industrial control systems (ICS) endpoints.\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/Threats-Affecting-ICS-Endpoints.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"Cybersecurity for Industrial Control Systems: Part 1\"><br \/>\n<meta name=\"twitter:description\" content=\"In this two-part series, we look into various cybersecurity threats that affected industrial control systems (ICS) endpoints.\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/Threats-Affecting-ICS-Endpoints.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.378008830651\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1185509576\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.2814285714286\">\n<div class=\"article-details\" role=\"heading\" readability=\"36.048571428571\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Ransomware<\/p>\n<p class=\"article-details__description\">In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats.<\/p>\n<p class=\"article-details__author-by\">By: Trend Micro Research <time class=\"article-details__date\">January 15, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"49.5\">\n<div readability=\"44\">\n<p>The ever-changing technological landscape has made it possible for the business process on the IT side of an enterprise to be interconnected with the physical process on the OT side. While this advancement has improved visibility, speed, and efficiency, it has exposed industrial control systems (ICSs) to threats affecting IT networks for years.<\/p>\n<p>Our expert team extensively looked into reported specific malware families in ICS endpoints to validate ICS security and establish a global baseline for examining threats that put these systems at risk. By doing so, this can help identify the choice of malware and unveil the attackers\u2019 motivation, skill levels as well as gather insights about the affected network\u2019s ecosystem and cybersecurity hygiene.<\/p>\n<p><span class=\"body-subhead-title\">An overview of the IT\/OT network and ICS endpoints<\/span><\/p>\n<p>IT\/OT network pertains to the convergence of the IT and OT network\u2014a connection of the business process on the IT side with the physical process on the OT side. The IT\/OT network enables data exchange and the monitoring and control of the operations from the IT network.<\/p>\n<p>On the other hand, ICS endpoints are used in the design, development, monitoring, and control of industrial processes. These have specific software to perform important functions. Examples of these software applications are:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Industrial automation suites, such as Siemens\u2019 Totally Integrated Automation, Kepware\u2019s KEPServerEX, and Rockwell Automation\u2019s FactoryTalk.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Engineering Workstation (EWS), which is used in the programming of an industrial process or workflow. This includes:<\/span>\n<ul>\n<li><span class=\"rte-circle-bullet\">Control systems such as Mitsubishi Electric\u2019s MELSEC GX Works or Phoenix Contact\u2019s Nanonavigator<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">HMI (Human Machine Interface) such as MELSEC GT Works or Schneider\u2019s GP-PRO EX<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Robot programming software such as ABB Robotstudio<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Design software such as Solidworks<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Historian software such as Honeywell\u2019s Uniformance<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Supervisory Control and Data Acquisition (SCADA) such as Siemens\u2019 Simatic WinCC SCADA<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Field device management and configuration such as PACTware and Honeywell\u2019s EZconfig<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Converters for serial to USB connections such as Moxa\u2019s Uport<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">ICS data through the looking glass<\/span><\/p>\n<p>We analyzed data from ICS endpoints that are part of the IT\/OT network, not including ICS endpoints from air-gapped systems or those without an internet connection. These endpoints can be found in different IT\/OT network levels, except the process and control levels. Moreover, the ICS endpoints we identified were running Windows operating systems.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-ics-endpoints.png\" alt=\"ICS endpoints, highlighted, as shown in a Purdue model architecture\"> <\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"42.683673469388\">\n<div readability=\"32.612244897959\">\n<p><i>Figure 1. ICS endpoints, highlighted, as shown in a Purdue model architecture<\/i><\/p>\n<p>We filtered out obvious test machines, endpoints used by penetration testers, and endpoints from universities to ensure that our data came from real ICSs and that the malware detection data was not skewed by penetration testers, researchers, and student machines.<\/p>\n<p>Additionally, we determined ICS endpoints using various indicators like file names, file paths, and processes reported to the <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/technologies\/smart-protection-network.html\">Trend Micro Smart Protection Network<\/a>. We processed the relevant data in compliance with our Data Collection Disclosure policy, maintaining customer anonymity throughout the process.<\/p>\n<p>After extensively evaluating the data gathered, we discovered various malware threats that continue to pose a cybersecurity risk to ICS endpoints, including the age-old legacy malware as well as ransomware.<\/p>\n<p><span class=\"body-subhead-title\">Post-intrusion ransomware<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-ransomware-breakdown.png\" alt=\"Breakdown of ransomware that affected industrial control systems\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"35\">\n<div readability=\"15\">\n<p><i>Figure 1. Breakdown of ransomware that affected industrial control systems<\/i><\/p>\n<p>We discovered that there was a significant rise in ransomware activity affecting ICSS. This was mostly due to increased Nefilim, Ryuk, LockBit, and Sodinokibi attacks from September to December of that year. When combined, these ransomware make up over 50% of the attacks affecting ICSs.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-ransomware-breakdown-per-country.png\" alt=\"Per country breakdown of organization-related ransomware detections for industrial control systems\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37\">\n<div readability=\"19\">\n<p><i>Figure 2. Per country breakdown of organization-related ransomware detections for industrial control systems<\/i><\/p>\n<p>Additionally, we discovered that the US had the most number of organization-related incidents affecting ICSs. India, Spain, and Taiwan came in second. However, Vietnam, Spain, and Mexico would be the top three countries if we took the percentage of organizations running industrial control systems that had ransomware affecting their systems.<\/p>\n<p><span class=\"body-subhead-title\">Coinmakers<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-coinminers-breakdown.png\" alt=\"Breakdown of coinminers affecting industrial control systems\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p><i>Figure 3. Breakdown of coinminers affecting industrial control systems<\/i><\/p>\n<p>Apart from ransomware, coinminers also greatly affected ICS endpoints that we analyzed. These are malicious software aiming to abuse computer resources to mining cryptocurrencies.<\/p>\n<p>MALXMR is the top coinminer that affected the most ICSs. WORM_COINMINER and TOOLMXR also affected a total of 30.8% ICSs that year.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-malxmr-breakdown.png\" alt=\"MALXMR distribution per country and organization\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p><i>Figure 4. MALXMR distribution per country and organization<\/i><\/p>\n<p>The most affected country by MALXR was India. However, note that this doesn\u2019t mean that the country was specifically targeted by MALXR gangs. It just suggests that India had the most infections as a lot of computers running ICS software are vulnerable to EternalBlue, which exploits SMBv1 vulnerabilities.<\/p>\n<p><span class=\"body-subhead-title\">Conficker<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-distribution-of-ics-endpoints.png\" alt=\"OS distribution of ICS endpoints with Conficker detections\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"30.555166374781\">\n<div readability=\"15.068301225919\">\n<p><i>Figure 5. OS distribution of ICS endpoints with Conficker detections<\/i><\/p>\n<p>Similar to what we found on&nbsp;<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/internet-of-things\/security-in-the-era-of-industry-4-dealing-with-threats-to-smart-manufacturing-environments?_ga=2.209525010.1874680133.1621125958-1328426616.1593403903\">Security in the Era of Industry 4.0: Dealing With Threats to Smart Manufacturing Environments<\/a>, we still saw Conficker or Downad as a persistent threat for ICS endpoints.<\/p>\n<p>We discovered that Window 10 and 7 OSs were the most affected2. However, they were not affected using MS08-067, one of the most common propagation techniques used to spread Confickers. This means that these infections were propagated using either removable drivers or dictionary attacks on ADMIN$ share.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-location-conflicker-detection.png\" alt=\"Location of Conficker detections based on file path\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p><i>Figure 6. Location of Conficker detections based on file path<\/i><\/p>\n<p>At least 85% of the Conficker detections were detected from removable drives. Additionally, at least 12% % of the detections were found only on the Windows system directory.<\/p>\n<p><span class=\"body-subhead-title\">Legacy Malware<\/span><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/diagram-legacy-malware-breakdown.png\" alt=\"Breakdown of legacy malware detected in ICS endpoints\"> <\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.437917222964\">\n<div readability=\"22.078771695594\">\n<p>We also detected old worm malware primarily propagated via network shares or removable USB drives. SALITY affected 1.5% of ICSs, while RAMNIT and AUTORUN infected 1.3% and 1% of ICSs, respectively. Some of these worms were rampant in 2013 and 2014 but have since been prevented as security policies have disabled autorun.<\/p>\n<p>However, file transfer via USB thumb drives allows for their continued propagation. Moreover, creating system backups or cold standby terminals without performing a security scan allow these worms\u2019 continuous spread.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-2.html\">In part two of this blog entry<\/a>, well discuss malware detection in the top 10 countries as well as some useful insights and recommendations to make your ICSs more robust and resilient to mitigate such threats.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/cybersecurity-industrial-control-systems-ics-part-1.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this two-part series, we look into various cybersecurity threats that affected industrial control systems endpoints. We also discuss several insights and recommendations to mitigate such threats. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":44815,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9514,9513,9539,9509],"class_list":["post-44814","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-iot","tag-trend-micro-research-malware","tag-trend-micro-research-ransomware","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-15T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/Threats-Affecting-ICS-Endpoints.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Cybersecurity for Industrial Control Systems: Part 1\",\"datePublished\":\"2022-01-15T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/\"},\"wordCount\":1034,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/cybersecurity-for-industrial-control-systems-part-1.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : IoT\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Ransomware\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/\",\"name\":\"Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/cybersecurity-for-industrial-control-systems-part-1.png\",\"datePublished\":\"2022-01-15T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/cybersecurity-for-industrial-control-systems-part-1.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/cybersecurity-for-industrial-control-systems-part-1.png\",\"width\":900,\"height\":686},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybersecurity-for-industrial-control-systems-part-1\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cybersecurity for Industrial Control Systems: Part 1\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/","og_locale":"en_US","og_type":"article","og_title":"Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-15T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/cybersecurity-for-industrial-control-systems-part-1\/Threats-Affecting-ICS-Endpoints.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Cybersecurity for Industrial Control Systems: Part 1","datePublished":"2022-01-15T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/"},"wordCount":1034,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/cybersecurity-for-industrial-control-systems-part-1.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : IoT","Trend Micro Research : Malware","Trend Micro Research : Ransomware","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/","url":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/","name":"Cybersecurity for Industrial Control Systems: Part 1 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/cybersecurity-for-industrial-control-systems-part-1.png","datePublished":"2022-01-15T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/cybersecurity-for-industrial-control-systems-part-1.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/cybersecurity-for-industrial-control-systems-part-1.png","width":900,"height":686},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cybersecurity-for-industrial-control-systems-part-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Cybersecurity for Industrial Control Systems: Part 1"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44814","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44814"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44814\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/44815"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}