Industrial Intruders: How Hackers Are Learning to Hijack Factories from Within
Subtitle: Cybercriminals are evolving, using “living-off-the-plant” tactics to turn industrial machinery’s quirks into devastating attack vectors.
Picture this: a shadowy hacker quietly infiltrates a water treatment plant, not by smashing through digital doors, but by blending in - using the plant’s own control systems and obscure quirks against it. Until recently, such targeted sabotage was the stuff of spy thrillers. Now, cyber experts warn, reality is catching up fast, and the world’s factories, dams, and critical infrastructure may soon face a new breed of digital predator.
For years, the industrial world’s best defense against cyberattacks was its own idiosyncrasy. Old, obscure, and wildly inconsistent, operational technology (OT) - the machinery running power grids, water plants, and factories - was simply too weird for most hackers to master. When ransomware struck, it often hit IT systems, with OT shut down only as collateral damage or a desperate containment measure, as seen in the infamous Colonial Pipeline incident.
But that luck may be running out. Ric Derbyshire, a principal security engineer at Orange Cyberdefense, warns that attackers are now doing their homework. In his upcoming RSA Conference demonstration, Derbyshire will show how hackers can “live off the plant,” a riff on the IT world’s “living-off-the-land” (LotL) approach, where attackers use only the built-in tools of a system to stay undetected.
The difference? In OT, every plant is its own unique puzzle - some built in the 1980s, others in the 2020s, all cobbled together with different tech and processes. In one chilling example, hackers accessed a Norwegian dam’s control interface using default passwords, but lacked the knowledge to cause real harm. That hesitation, Derbyshire suggests, may soon disappear as attackers learn the ins and outs of industrial protocols like Siemens’ S7comm.
The rise of “living-off-the-plant” means attackers could manipulate configuration files, exfiltrate sensitive data, or even trigger physical disruptions - all while camouflaged within normal operations. And with AI tools and online forums making OT knowledge more accessible, obscurity is a vanishing shield. Yet, Derbyshire notes, this complexity can still buy defenders precious time to detect and respond to intruders before disaster strikes.
As cybercrime evolves, the world’s industrial backbone faces a quiet, growing threat. The next wave of OT attacks won’t announce itself with flashy malware, but with subtle sabotage - wielded by adversaries who finally know which levers to pull.
WIKICROOK
- Operational Technology (OT): Operational Technology (OT) includes the computer systems that control industrial equipment and physical processes; these systems are often older and less hardened than traditional IT systems, which makes them more vulnerable.
- Living off the Land (LotL): Living off the Land means attackers use trusted, built-in system tools (LOLBins) for malicious actions, making their activity stealthy and hard to distinguish from legitimate administration.
- Programmable Logic Controller (PLC): A Programmable Logic Controller (PLC) is a specialized computer that automates and controls industrial processes in factories, utilities, and infrastructure.
- Security by Obscurity: Security by Obscurity means hiding system flaws instead of fixing them, hoping attackers won't find them - a risky and discouraged security approach.
- Human: A human is an individual interacting with digital systems, often providing oversight, validation, and decision-making in cybersecurity processes such as human-in-the-loop (HITL) review.