As per the Cybersecurity and Infrastructure Security Agency ( CISA), threat actors were still leveraging brute force intrusions, default credentials, and other unsophisticated attack methods to target internet-exposed operational technology and industrial control systems of critical infrastructure organizations. Organizations that are running their ICS infrastructure without adequate visibility into their networks and operations are especially vulnerable to such threat actors.