Connected factories offer more and more possibilities to bring business logic in the industrial related components like industrial control systems (ICS). These systems in the operational technology (OT) sector are usually harder to update and to maintain compared to IT systems. In recent years, the number of cyberattacks that are specifically tailored to OT systems has increased. We analyzed BlackEnergy 3 (BE3), Crashoverride (CO), and Trisis (TS). After describing the occurrences of these attacks, we looked for similar strategies between these three approaches and propose promising methods to prevent such or similar attacks in the future.