Kaspersky says the majority of attacks are not targeted at control systems, but they could still exploit vulnerabilities. Phishing emails with malicious attachments are the main attack vector for penetrating industrial enterprises, according to a report by Kaspersky, which says the type of attack has become “route for workstations in the industrial sphere.”
The phishing emails are “carefully crafted”, and appear to be sent from real companies masked as business correspondence, including commercial offers, invitations to tender, or requests for payment. Certain attacks have even used legitimate documents, which have been stolen in preparation.
Source: Tech HQ