Enhancing IT/OT Security Posture Against Erlang/OTP SSH Exploits Through Threat Campaign Assessment

Authors

  • Nabila Latifa Tullaili Universitas Singaperbangsa Karawang
  • Ridwan Satrio Hadikusuma Universitas Indonesia https://orcid.org/0000-0003-1849-7150
  • Aries Suharso Universitas Singaperbangsa Karawang

DOI:

https://doi.org/10.32493/epic.v8i1.58567

Keywords:

Erlang/OTP Vulnerability, Keysight Threat Simulator, Malware Campaign, SSH Exploits, Zero Trust Security

Abstract

The convergence of Information Technology (IT) and Operational Technology (OT) infrastructures exposes organizations to new risks, particularly when facing critical vulnerabilities. This research evaluates the security posture of IT/OT environments against CVE-2025-32433, a severe vulnerability in the Erlang/OTP SSH daemon that allows unauthenticated remote code execution because connection-protocol messages are processed before authentication completes (patched in OTP 27.3.3, 26.2.5.11 and 25.3.2.20). The assessment was conducted in a real environment using the Keysight Threat Simulator: simulated threats were launched from the Keysight Dark Cloud (its cloud-hosted attacker endpoints), passed through a Palo Alto Networks firewall, and targeted a host system (Windows Server 2016) running Keysight Agent version 25.7.3-1751647889 and ATI version 25.5.4181.502994. The campaign comprised seven malware scenarios using remote hosts and DNS callbacks. The results showed 43 prevention outcomes, 0 detection events, and 9 security recommendations. While the firewall prevented part of the attacks, host-level detection failed entirely, indicating potential blind spots in monitoring and response. The study concludes that proactive threat simulation is essential for identifying prevention gaps and detection weaknesses in converged IT/OT networks. Recommendations include strengthening host-based detection, improving IT/OT segmentation, and enhancing monitoring of DNS traffic to mitigate exploitation risks.
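The campaign's DNS-callback scenarios and the recommendation to monitor DNS traffic point to a concrete resolver-side check. The following is an added example, not code from the paper or from Keysight: it assumes a resolver log in a constructed four-column format (ISO-8601 timestamp, client IP, query name, query type) and flags clients that query many distinct high-entropy subdomains of one zone, reporting whether the queries also arrive on a fixed timer, which is the shape DNS beaconing and DNS-tunnelled callbacks take. The sample log lines and the zone example-c2.net are constructed, and the zone heuristic (last two labels) is a simplification that does not handle public suffixes such as co.uk.

```python
"""Heuristic detection of DNS callback / beaconing traffic in resolver logs.

Added example (not from the paper or Keysight). Log format and sample data
are constructed: "<ISO-8601 timestamp> <client IP> <query name> <qtype>".
"""
import math
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: one host (10.20.1.15) beacons every 30 s to random-looking
# TXT subdomains of example-c2.net; the remaining lines are ordinary lookups.
SAMPLE_LOG = """\
2025-06-30T10:00:00 10.20.1.15 windowsupdate.microsoft.com A
2025-06-30T10:00:05 10.20.1.15 4f2a9c1e7b3d.cb.example-c2.net TXT
2025-06-30T10:00:35 10.20.1.15 9e0d3b7a11c4.cb.example-c2.net TXT
2025-06-30T10:01:05 10.20.1.15 c81f2e6d0a77.cb.example-c2.net TXT
2025-06-30T10:01:35 10.20.1.15 5b3e8d9f2a10.cb.example-c2.net TXT
2025-06-30T10:01:40 10.20.1.22 mail.corp.example A
2025-06-30T10:02:05 10.20.1.15 7d1c4e9a3f62.cb.example-c2.net TXT
2025-06-30T10:03:00 10.20.1.22 cdn.corp.example A
"""


def shannon_entropy(label: str) -> float:
    """Bits per character of a DNS label; encoded or random labels score ~3.5+."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_zone(qname: str) -> str:
    """Approximate the attacker-controlled zone as the last two labels.
    Assumption: no public-suffix handling (co.uk etc.); adequate for the demo."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def parse_log(text: str):
    """Return (timestamp, client, qname, qtype) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        records.append((datetime.fromisoformat(ts), client,
                        qname.lower().rstrip("."), qtype))
    return records


def flag_dns_callbacks(text: str, min_unique: int = 4, min_entropy: float = 3.0,
                       max_cv: float = 0.3):
    """Flag (client, zone) pairs whose leftmost labels are numerous and
    high-entropy; also report whether the query timing is periodic."""
    groups = defaultdict(list)
    for ts, client, qname, _qtype in parse_log(text):
        zone = registered_zone(qname)
        if qname == zone:            # bare zone lookup carries no payload label
            continue
        leftmost = qname[: -len(zone) - 1].split(".")[0]
        groups[(client, zone)].append((ts, leftmost))

    hits = []
    for (client, zone), events in groups.items():
        events.sort()
        labels = {label for _, label in events}
        if len(labels) < min_unique:
            continue
        avg_entropy = mean(shannon_entropy(lbl) for lbl in labels)
        if avg_entropy < min_entropy:
            continue
        gaps = [(b - a).total_seconds() for (a, _), (b, _) in zip(events, events[1:])]
        # Coefficient of variation of inter-query gaps: near 0 means a fixed timer.
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        hits.append({
            "client": client,
            "zone": zone,
            "queries": len(events),
            "unique_labels": len(labels),
            "mean_entropy": round(avg_entropy, 3),
            "interval_cv": None if cv is None else round(cv, 3),
            "periodic": cv is not None and cv <= max_cv,
        })
    return hits


if __name__ == "__main__":
    for hit in flag_dns_callbacks(SAMPLE_LOG):
        print(hit)
```

On the sample log only the 10.20.1.15 / example-c2.net pair is flagged (five unique labels, mean entropy about 3.5 bits per character, zero variation in the 30 s gaps); the thresholds are starting points that should be tuned against a baseline of the site's own DNS traffic, since CDN and telemetry domains also produce many distinct subdomains.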

Published

2025-06-30

How to Cite

Nabila Latifa Tullaili, Ridwan Satrio Hadikusuma, & Aries Suharso. (2025). Enhancing IT/OT Security Posture Against Erlang/OTP SSH Exploits Through Threat Campaign Assessment. EPIC Journal of Electrical Power Instrumentation and Control, 8(1), 192–201. https://doi.org/10.32493/epic.v8i1.58567

Section

ARTICLE