{"id":3102,"date":"2025-06-11T11:09:16","date_gmt":"2025-06-11T09:09:16","guid":{"rendered":"https:\/\/insightevents.dk\/isc-cph\/?post_type=tec_session&#038;p=3102"},"modified":"2025-06-11T11:09:16","modified_gmt":"2025-06-11T09:09:16","slug":"seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics","status":"publish","type":"tec_session","link":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/","title":{"rendered":"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS"},"content":{"rendered":"<p><em>Technical Level: Intermediate<\/em><\/p><p>Fifteen years after Stuxnet, OT\/ICS threats have evolved far beyond state-sponsored malware. This session tracks the broader landscape of malicious activity, from ransomware on engineering workstations to botnets targeting industrial routers. Using new data from honeypots and malware repositories, we highlight the real-world threats asset owners face today\u2014often overlooked in favor of high-profile attacks. Learn how attackers exploit perimeter devices, abuse OT protocols, wipe critical data, and infect legitimate OT software.<\/p>\n","protected":false},"excerpt":{"rendered":"<p><em>Technical Level: Intermediate<\/em><\/p>\n<p>Fifteen years after Stuxnet, OT\/ICS threats have evolved far beyond state-sponsored malware. This session tracks the broader landscape of malicious activity, from ransomware on engineering workstations to botnets targeting industrial routers. Using new data from honeypots and malware repositories, we highlight the real-world threats asset owners face today\u2014often overlooked in favor of high-profile attacks. Learn how attackers exploit perimeter devices, abuse OT protocols, wipe critical data, and infect legitimate OT software.<\/p>\n","protected":false},"author":4,"featured_media":0,"template":"","meta":{"inline_featured_image":false,"footnotes":""},"session_track":[7],"session_location":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen\" \/>\n<meta property=\"og:description\" content=\"Technical Level: IntermediateFifteen years after Stuxnet, OT\/ICS threats have evolved far beyond state-sponsored malware. This session tracks the broader landscape of malicious activity, from ransomware on engineering workstations to botnets targeting industrial routers. Using new data from honeypots and malware repositories, we highlight the real-world threats asset owners face today\u2014often overlooked in favor of high-profile attacks. Learn how attackers exploit perimeter devices, abuse OT protocols, wipe critical data, and infect legitimate OT software.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/\" \/>\n<meta property=\"og:site_name\" content=\"Industrial Security Conference Copenhagen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/\",\"name\":\"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen\",\"isPartOf\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\"},\"datePublished\":\"2025-06-11T09:09:16+00:00\",\"dateModified\":\"2025-06-11T09:09:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/insightevents.dk\/isc-cph\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insightevents.dk\/isc-cph\/#website\",\"url\":\"https:\/\/insightevents.dk\/isc-cph\/\",\"name\":\"Industrial Security Conference Copenhagen\",\"description\":\"Industrial Security Conference Copenhagen\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/","og_locale":"en_GB","og_type":"article","og_title":"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen","og_description":"Technical Level: IntermediateFifteen years after Stuxnet, OT\/ICS threats have evolved far beyond state-sponsored malware. This session tracks the broader landscape of malicious activity, from ransomware on engineering workstations to botnets targeting industrial routers. Using new data from honeypots and malware repositories, we highlight the real-world threats asset owners face today\u2014often overlooked in favor of high-profile attacks. Learn how attackers exploit perimeter devices, abuse OT protocols, wipe critical data, and infect legitimate OT software.","og_url":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/","og_site_name":"Industrial Security Conference Copenhagen","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/","url":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/","name":"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS - Industrial Security Conference Copenhagen","isPartOf":{"@id":"https:\/\/insightevents.dk\/isc-cph\/#website"},"datePublished":"2025-06-11T09:09:16+00:00","dateModified":"2025-06-11T09:09:16+00:00","breadcrumb":{"@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/insightevents.dk\/isc-cph\/sessions\/seeing-the-forest-for-the-trees-tracking-the-evolution-of-15-years-of-malicious-behavior-on-ot-ics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/insightevents.dk\/isc-cph\/"},{"@type":"ListItem","position":2,"name":"Seeing the forest for the trees \u2013 Tracking the evolution of 15 years of malicious behavior on OT\/ICS"}]},{"@type":"WebSite","@id":"https:\/\/insightevents.dk\/isc-cph\/#website","url":"https:\/\/insightevents.dk\/isc-cph\/","name":"Industrial Security Conference Copenhagen","description":"Industrial Security Conference Copenhagen","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insightevents.dk\/isc-cph\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"}]}},"_links":{"self":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions\/3102"}],"collection":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions"}],"about":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/types\/tec_session"}],"author":[{"embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/users\/4"}],"version-history":[{"count":0,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/sessions\/3102\/revisions"}],"wp:attachment":[{"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/media?parent=3102"}],"wp:term":[{"taxonomy":"tec_track","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/session_track?post=3102"},{"taxonomy":"tec_location","embeddable":true,"href":"https:\/\/insightevents.dk\/isc-cph\/wp-json\/wp\/v2\/session_location?post=3102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}