The introduction of an SMB protocol as an attack vector is for sure something new with respect to the previous version. At the same time, it is not new if we compare to other recent attacks, campaigns and malware, like WannaCry or Industroyer/Crashoverride. Having such new attack vectors may allow attackers to spread faster inside an IT/OT network to reach specific workstations, namely engineering or ones serving as a SCADA master or HMI, that can, in turn, take control of OT devices like PLCs and RTUs.

Read More