In many cases, industrial organizations - while arguably a valuable catch - aren't initially targeted by the attacker, and a cyber-physical attack isn't the goal. That trend was underscored this past year, according to researchers at Mandiant's Cyber Physical Intelligence team. They identified a noticeable uptick in OT-related incidents since 2020, with most of the actors not looking to turn off the lights, poison the water, or perform any physical outcome. Their tactics were less-than-sophisticated, too, and often they weren't necessarily even looking for OT targets but instead had stumbled upon these victims. Mandiant's research, published today, on publicly reported and not-previous public OT incidents shows a rise in attackers this past year attempting to monetize their access to an exposed ICS system, and a wave of information-sharing by attackers who shared videos and screenshots of industrial systems they were able to access and how they did it - at a level more frequent than Mandiant has seen before.