In the last decade, there have been many cyber attacks on industrial control systems (ICSs), some of the most significant of which include the Black Energy attack in 2007 and the Night Dragon campaign of 2011. Black Energy began as an HTTP-based toolkit used to generate bots to launch distributed denial-of-service attacks, but by 2014, it had evolved into a supervisory control and data acquisition plug-in used to infect organizations in ICS and energy markets around the world. Night Dragon used a SQL injection attack to enable the installation of malware and remote access Trojans on web servers, which were then used to launch forays against internal targets. Although designed to steal sensitive information from organizations in the global oil, energy, and petrochemical industries, the tools and techniques used in the campaign could be deployed successfully against any industry.