Source: http://www.ssh.com/academy/operational-technology-breaches

Operational Technology (OT) Breaches

IT/OT convergence is moving operations in manufacturing, shipping, utilities, and other operational technology (OT) industries to the hybrid cloud. This shift has opened new attack vectors and drawn more attention from bad actors to OT. This page lists some notable OT incidents.

Contents

Maersk Case
Norsk Hydro Case
Tower Semiconductor Ltd. (TSEM) Case
Florida Water Treatment Plant Case
Colonial Pipeline Case
References

Maersk Case

In 2017, Maersk was hit by the NotPetya malware, which brought down the vast majority of Maersk's critical network and locked up most end-user clients and applications, rendering them useless. The malware also took out the fixed-line phones and wiped Outlook contacts, which disrupted corporate communication and brought global operations to a halt. Large parts of Maersk's worldwide operation were disrupted for about two weeks while systems were rebuilt.

Faced with a destructive attack, Maersk learned the hard way that its backup plan did not cover the Active Directory domain controllers its whole network setup depended on. Fortunately, one uninfected copy of Active Directory survived on a domain controller in a Maersk office in Ghana: a local power outage had taken that server offline while the malware was spreading, so it was never touched.

With that copy, and through a huge effort by the Maersk task team, core access to the essential data was successfully restored. According to Maersk's IT leadership, the team also established contact with the NotPetya creator and gained valuable insight into the malware, and Maersk became the first company in the world to reverse engineer it.

Adam Banks, Maersk's Chief Technology and Information Officer, who led the response to the attack, drew this lesson from it: "Automated detection and response are key. Automated protection is worth its weight in gold. And Privileged Access Management (PAM) takes on increasing importance. With a more limited number of privileged accounts, it is reasonable to assume that a much lower number of machines would have been infected, something like 5,000 rather than the 55,000 seen at Maersk."

Norsk Hydro Case

In 2019, Norsk Hydro, the Norwegian aluminum giant, was brought to its knees by a disruptive attack using the LockerGoga ransomware. Where NotPetya behaved as a wiper, LockerGoga operates as ransomware: it logs existing users off, changes their passwords, encrypts the files on servers across the network, and posts ransom messages on the screens of infected computers demanding that the company pay in bitcoin to regain control.

The investigation found that LockerGoga entered Norsk Hydro's systems when an employee opened an infected email that had come from a trusted customer. The attack forced Norsk Hydro to switch to manual operations with pen and paper, and the company suffered tens of millions of dollars in damage. Even so, Norsk Hydro refused to pay the ransom, chose to be transparent about the attack, and actively sought help from internal and external sources.

The attack has been attributed to criminal hackers but remains under investigation. Norsk Hydro has recovered by gradually rebuilding its systems, improving its disaster recovery and backup plans, and putting more focus on mitigating cybersecurity threats.

Tower Semiconductor Ltd. (TSEM) Case

In 2020, TSEM was targeted by a ransomware attack and halted operations at some of its manufacturing facilities as a precaution. TSEM reported paying the ransom (approximately $250,000 in bitcoin) in an attempt to resume normal operations, while also implementing measures to keep the attack from spreading further. After paying, TSEM expected to return to normal operation almost immediately.

Florida Water Treatment Plant Case

In early 2021, an attacker gained remote access to the monitoring software of a Florida water treatment plant, software that can adjust the level of sodium hydroxide (lye) in the water.

The attacker tried to raise the lye setpoint from about 100 ppm to 11,100 ppm, a level that could have severely harmed the roughly 15,000 residents served by the plant. Luckily, an employee noticed the suspicious remote session while the intruder was moving the mouse on screen to change the lye setting. He quickly reverted the setting and informed management, which then disabled all remote access.

This attack is particularly serious because it could have caused physical harm or even casualties had it not been stopped. Two factors stand out. First, the plant ran an outdated operating system (Windows 7) that Microsoft no longer supports, which left known, unpatched weaknesses exposed to the attacker. Second, staff used ungoverned shared accounts for remote access via the TeamViewer application, so a single password gave anyone who had it, the attacker included, the same access as the operators, and there was no way to tell from the session which person was behind the keyboard.
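The Florida case was caught only because a human happened to see the cursor move. As an added example, not code from the original article or from SSH, the Python check below turns that into a routine control: it parses incoming remote-support session records and flags any session from a partner ID that is not on an approved vendor list, or that starts outside the hours when remote maintenance is expected. The records, partner IDs, GUIDs and policy values are constructed for the example; the tab-separated field layout is modelled on TeamViewer's Connections_incoming.txt and is an assumption to verify against the version actually installed.

```python
"""Flag suspicious incoming remote-support sessions on an OT workstation.

Added example, not part of the original article. The records below are
constructed and loosely modelled on TeamViewer's Connections_incoming.txt
(tab-separated: partner ID, partner name, start, end, local user,
connection type, connection GUID). The field order is an assumption;
check it against the installed version before pointing this at real logs.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample records with hypothetical partner IDs and GUIDs.
SAMPLE_LOG = (
    "123456789\tVendorSupport\t05-02-2021 09:12:41\t05-02-2021 09:40:03\toperator\tRemoteControl\t{a1}\n"
    "987654321\tUnknown\t05-02-2021 13:30:11\t05-02-2021 13:33:20\toperator\tRemoteControl\t{a2}\n"
    "987654321\tUnknown\t06-02-2021 02:10:05\t06-02-2021 02:11:00\toperator\tRemoteControl\t{a3}\n"
)

# Policy values (assumed for the example): the vendor partner IDs that are
# allowed to connect, and the window in which remote maintenance is expected.
ALLOWED_PARTNERS = {"123456789"}
BUSINESS_START, BUSINESS_END = time(7, 0), time(18, 0)
TIMESTAMP_FORMAT = "%d-%m-%Y %H:%M:%S"


@dataclass(frozen=True)
class Session:
    partner_id: str
    partner_name: str
    start: datetime
    end: datetime
    local_user: str
    connection_type: str
    connection_id: str


def parse_sessions(text: str) -> list[Session]:
    """Parse tab-separated session records, skipping blank or malformed lines."""
    sessions = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed line: do not let one bad record stop the review
        pid, name, start, end, user, ctype, cid = fields
        sessions.append(Session(
            pid, name,
            datetime.strptime(start, TIMESTAMP_FORMAT),
            datetime.strptime(end, TIMESTAMP_FORMAT),
            user, ctype, cid,
        ))
    return sessions


def assess(session: Session) -> list[str]:
    """Return the reasons a session is suspicious; an empty list means clean."""
    reasons = []
    if session.partner_id not in ALLOWED_PARTNERS:
        reasons.append("partner ID not on allowlist")
    if not (BUSINESS_START <= session.start.time() < BUSINESS_END):
        reasons.append("started outside business hours")
    return reasons


def find_suspicious(text: str) -> list[tuple[Session, list[str]]]:
    """Parse the log and return every session that has at least one finding."""
    return [(s, r) for s in parse_sessions(text) if (r := assess(s))]


if __name__ == "__main__":
    for session, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{session.start:%Y-%m-%d %H:%M} partner={session.partner_id} "
              f"user={session.local_user}: {'; '.join(reasons)}")
```

Run against the constructed records, the first session (approved vendor, working hours) is clean and the two sessions from the unknown partner are reported, the night-time one for both reasons. Note what the log cannot tell you: because the plant's TeamViewer account was shared, `local_user` is the same for every session, so even a check like this only says that an unexpected party connected, not which person did. That is the argument for individual accounts rather than a shared password.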

Colonial Pipeline Case

Colonial Pipeline supplies gasoline to the US East Coast and operates the largest petroleum pipeline in the country. In 2021, Colonial Pipeline's systems went down for several days after a ransomware attack by DarkSide, a criminal hacking group based in Eastern Europe.

The attack caused chaos in the East Coast gasoline supply chain: consumers hoarded gas and prices spiked. It has been described as the largest cyberattack on the energy industry in the United States. To restore operations, the company ended up paying at least 4.4 million USD in bitcoin.

The investigation found that the breach likely originated from a leaked password for an old account that still had access to the virtual private network (VPN) used for remote access to the company's servers.

The account had no multifactor authentication, so a username and password were all the attacker needed to get into the largest petroleum supplier in the USA. A dormant account that keeps its VPN entitlement and is protected by nothing but a password is exactly the kind of leftover that a credential leak turns into an entry point. Part of the ransom was later recovered: the FBI traced the payment through the attackers' bitcoin wallet and seized a portion of the funds. Colonial Pipeline resumed normal operations within days, avoiding a prolonged disruption to its fuel supply.

SSH's solutions for OT

PrivX OT Edition provides secure access management for critical operational technology (OT): Just-in-Time (JIT) and Zero Trust access for on-site and off-site operators and maintenance engineers.


References

https://www.cyberscoop.com/norsk-hydro-lockergoga-ransomware/

https://news.microsoft.com/transform/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/

https://www.i-cio.com/management/insight/item/maersk-springing-back-from-a-catastrophic-cyber-attack

https://securityboulevard.com/2021/02/hacker-breaches-florida-water-treatment-plant-adds-lye-to-citys-water-supply/

https://www.calcalistech.com/ctech/articles/0,7340,L-3848490,00.html

https://www.forbes.com/sites/leemathews/2021/02/15/florida-water-plant-hackers-exploited-old-software-and-poor-password-habits/?sh=717c7283334e

https://www.vox.com/recode/22428774/ransomeware-pipeline-colonial-darkside-gas-prices
