LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

How can Attack Trees model real-world industrial control system attacks?

They let you lay out many different routes to one goal — malware, social engineering, remote access, exposed components, DDoS, compromised endpoints — side by side, so you see that very different attack types converge on the same target.

Worked example — a "compromise an industrial control system (ICS)" goal, with its major branches (terms glossed from the original German):

Attack tree branches:

  • Schadsoftware aus Internet (Malware from Internet)
  • Social Engineering
    • Social Hacking (Spoofing, Phishing, Spear-Phishing)
    • Erpressung (Extortion)
    • Bestechung (Bribery) → Zielperson identifizieren (identify target person), Zielperson bestechen (bribe target person)
  • Fernwartungszugänge (Remote maintenance access)
  • Internet-verbundene Steuerungskomponenten (Internet-connected control components)
  • DDoS Angriff (DDoS Attack)
  • Kompromittierung v. Endgeräten (Compromising end devices)

Key insight: Attack trees help visualize complex real-world threats and show how social engineering, technical attacks, and physical access can all lead to the same goal.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026