Guest Post: Darktrace Describes Why AI Is Critical For Stopping The Rising Threat Of Cyber Attacks In Industrial Environments

Cyber-attacks on industrial environments are on the rise. Whether caused by attacks that bleed over from the IT network and spill onto critical systems, or by malware that specifically targets those systems, cyber criminals and nation states now have the ability to cause chaos at the click of a button: halting production or even causing power outages across cities.

The potential impact of an attack on critical national infrastructure should not be understated. As smart buildings, smart cities and the Internet of Things become more common, vulnerabilities are growing, and state-sponsored attackers are on the lookout for ways in. The lines between cyber and physical are blurring, and this raises the stakes for all involved – increasing the likelihood of unintentional escalations and further complicating international relations.

The key point is that critical environments do not fail gracefully. There isn’t the option of reverting to pen and paper and muddling along. 

Now is the time to build in cyber resiliency so these systems are able to resist and fight back against cyber-attacks.

Industrial environments cannot simply be air-gapped to keep them safe, so organizations need to invest in artificial intelligence systems that work in the background to automatically and dynamically block attacks that not only bleed over from IT but also originate within the industrial systems themselves.

Below are a series of industrial threat finds Darktrace AI has detected in recent weeks. These real-life threat finds are great examples of the threats facing industrial environments, as well as the vulnerability of IoT devices, and how AI is capable of stopping them in their tracks.


Like almost every other business across the globe, a US construction company transitioned to remote working.

To facilitate the transition, they protected their IT network with the usual firewalls and anti-virus software and focused on how industrial technology could continue to safely operate while employees worked from home.

What they failed to remember was that the air conditioning units back at their HQ were connected to the corporate network so that the temperature could be monitored automatically. As attackers scanned every device at the HQ for vulnerabilities, they noticed that one air conditioning unit had been left exposed and hacked into it.

In a stroke of good timing, the company deployed Darktrace’s cyber AI – entrusting the technology to not only detect but automatically respond to cyber-attacks. Immediately, AI spotted that one air conditioning unit was acting suspiciously compared to the other 9 units and, without human intervention, stopped the hackers from pivoting into more critical industrial control systems.


Governments around the world have issued official warnings that state-sponsored hackers are targeting universities and research agencies in a bid to steal information on a cure for COVID-19.

This month, at a renowned academic institution in Singapore, AI detected and automatically stopped cryptocurrency-mining malware, likely a variant of Shellbot, inside the organization. On the face of it, this attack may not seem like one aiming to steal or halt research efforts.

However, cryptomining is extremely resource-intensive and a burden on security teams. It is often used by sophisticated hackers to distract security teams from a more serious attack, such as subtle data exfiltration. What’s more, had AI not stepped in at machine speed, the malware could have bled into the institution’s industrial control systems and caused widespread outages, physically interrupting the production of vaccines, medicines or cutting-edge technology.


IoT devices, such as Internet-connected cameras, are becoming increasingly common in personal, business and industrial environments, yet threats targeting IoT are difficult to detect and often go unnoticed since these devices effortlessly connect to digital infrastructure.

In late May, Darktrace detected Mirai malware infecting an Internet-facing CCTV surveillance camera at a Canadian logistics company. Mirai is an old threat that is still used to target IoT devices.

Having analysed this device’s transfers against a continuously evolving understanding of what is normal, both for this device and for the wider organization, Darktrace AI spotted unusual behaviour: the infected camera was connecting to multiple IP addresses that were statistically rare for the network. Specifically, the compromised device began transferring large amounts of data to an IP address in China.

As no antivirus or other security tools covered the IoT camera, this would have gone undetected without AI – the client saw no indicators of malicious activity beyond a sluggish network. Once the client was promptly notified, the compromise was de-escalated and the client took the camera offline.
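The detection logic this case describes (learn which destinations are normal for each device and for the network as a whole, then flag a connection to a destination the network rarely talks to, especially when paired with an upload far above the device's usual volume) can be sketched in a few lines. This is an added illustration written for this post, not Darktrace's code; the flow records, device names, addresses and thresholds are all constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (device, destination IP, bytes sent).
# BASELINE stands in for the learned picture of normal traffic; NEW is the window under review.
BASELINE = [
    ("cam-01", "10.0.0.5", 1200), ("cam-01", "10.0.0.5", 1300), ("cam-01", "10.0.0.9", 900),
    ("cam-02", "10.0.0.5", 1100), ("cam-02", "10.0.0.9", 950), ("cam-02", "10.0.0.5", 1250),
    ("hvac-1", "10.0.0.20", 400), ("hvac-2", "10.0.0.20", 420), ("hvac-3", "10.0.0.20", 390),
    ("ws-07", "203.0.113.8", 50000), ("ws-07", "10.0.0.5", 2000), ("ws-07", "203.0.113.8", 48000),
]
NEW = [
    ("cam-01", "10.0.0.5", 1250),            # routine camera traffic
    ("cam-01", "198.51.100.77", 9_000_000),  # never-seen destination plus a huge upload
    ("hvac-2", "10.0.0.20", 410),            # routine HVAC traffic
    ("ws-07", "203.0.113.8", 51000),         # large, but normal for this workstation
]

def build_baseline(flows):
    """Per-device destination sets and byte history, plus how many devices use each destination."""
    dsts, byts = defaultdict(set), defaultdict(list)
    for dev, dst, b in flows:
        dsts[dev].add(dst)
        byts[dev].append(b)
    popularity = defaultdict(int)  # distinct devices on the network that talk to each destination
    for s in dsts.values():
        for dst in s:
            popularity[dst] += 1
    return dsts, byts, popularity

def score_flow(flow, baseline, rare_devices=1, z_threshold=3.0):
    """Return the reasons a single flow deviates from the device's and the network's baseline."""
    dev, dst, b = flow
    dsts, byts, popularity = baseline
    reasons = []
    # New for this device AND used by at most `rare_devices` devices network-wide.
    if dst not in dsts[dev] and popularity[dst] <= rare_devices:
        reasons.append("rare destination")
    hist = byts[dev]
    if len(hist) >= 2:  # need some history before judging volume
        sd = pstdev(hist) or 1.0
        if (b - mean(hist)) / sd > z_threshold:
            reasons.append("unusual outbound volume")
    return reasons

def detect(new_flows, baseline):
    """Map each anomalous flow to its reasons; flows that look normal are omitted."""
    return {f: r for f in new_flows if (r := score_flow(f, baseline))}
```

The workstation's 51 kB upload is not flagged because it sits inside that device's own history, while the camera's upload to an unseen address trips both checks.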
