← Home

Network Attacks

Common network-based threats target the confidentiality, integrity and availability of industrial communication systems. In Operational Technology (OT) environments, successful network attacks can disrupt control traffic, manipulate process data, or deny operators visibility of plant conditions.

Status: ○ Planned — basic notes only; content to be expanded.


Common Network Threats

Unpatched Vulnerabilities

Software, firmware and operating system flaws that remain unpatched provide known entry points for attackers. In industrial networks, patching is often delayed due to uptime requirements, legacy equipment, or vendor certification constraints — leaving systems exposed to exploits targeting published vulnerabilities.


Broadcast Storms & Flood Attacks (DoS / DDoS)

A broadcast storm occurs when excessive broadcast or multicast traffic floods a network segment, consuming bandwidth and CPU on switches and end devices until normal communication fails — effectively a denial of service.

Flood attacks deliberately overwhelm a target with traffic. Denial of Service (DoS) attacks originate from a single source; Distributed Denial of Service (DDoS) attacks use many compromised hosts (a botnet) to amplify the effect.


Spoofing

Spoofing involves falsifying identity information — such as IP addresses, MAC addresses, or hostnames — to impersonate a trusted device or user on the network.


Man-in-the-Middle (MITM)

An attacker positions themselves between two communicating parties, intercepting and potentially altering traffic without either side being aware. On flat or poorly segmented OT networks, MITM attacks can capture engineering commands or modify setpoints in transit.


Replay Attacks

A replay attack captures legitimate network traffic and retransmits it later to impersonate an authorised action — for example, replaying a valid authentication sequence or control command.


Sniffing (Packet Capture / Eavesdropping)

Sniffing uses network monitoring tools to capture and analyse traffic on a shared or compromised network segment. Unencrypted protocols expose credentials, process data and engineering commands to passive observation.


Session Hijacking

Session hijacking takes over an established communication session after authentication has already occurred, allowing the attacker to act as the legitimate user without needing credentials.


Buffer / Stack Overflow

Buffer and stack overflow vulnerabilities occur when a program writes more data to a memory buffer than it can hold, overwriting adjacent memory — including return addresses on the call stack. Attackers exploit this to execute arbitrary code, often gaining control of a device or service.


Related Topics