The US Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with other security agencies including the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), recently issued a warning regarding the activities of pro-Russia hacktivists who are targeting operational technology (OT) systems and critical national infrastructure. Water and wastewater systems, dams, energy, and food and agriculture, both in the USA and Europe, are among the industries at risk.
While these malicious actors employ relatively unsophisticated techniques, they pose a significant physical threat to small-scale critical infrastructure by targeting insecure and misconfigured OT environments. Their modus operandi is to compromise modular, internet-exposed industrial control systems (ICS) through their software components, such as human-machine interfaces (HMIs), by exploiting virtual network computing (VNC) remote access software that is protected only by default or weak passwords, without multifactor authentication.
Recently, the hacktivists manipulated HMIs, causing water pumps and blower equipment to exceed their normal operating parameters. The hacktivists simply maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out operators. The techniques are not terribly sophisticated, but they are potentially lethal. Fortunately, while a minority of victims experienced inconsequential tank overflow events, most victims were able to revert to manual controls to quickly restore operations.
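The combination described above (set points pushed outside their normal range, alarms switched off, and an administrative password changed) is something an HMI audit trail can be checked for. The following is an added example, not code from CISA or Radiflow; the log format, tag names, operating limits and the 15-minute window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed normal operating ranges per set point tag (constructed values).
LIMITS = {"PUMP1_SPEED_SP": (20.0, 80.0), "BLOWER2_FLOW_SP": (10.0, 60.0)}
WINDOW = timedelta(minutes=15)

# Constructed audit trail: time, source address, user, action, target, value.
SAMPLE_LOG = """\
2024-05-01T02:10:03,10.0.5.20,operator1,SETPOINT_WRITE,PUMP1_SPEED_SP,55
2024-05-01T03:41:10,203.0.113.7,admin,SETPOINT_WRITE,PUMP1_SPEED_SP,100
2024-05-01T03:42:02,203.0.113.7,admin,ALARM_DISABLE,TANK1_HIGH_LEVEL,
2024-05-01T03:44:30,203.0.113.7,admin,PASSWORD_CHANGE,admin,
2024-05-01T09:00:00,10.0.5.20,operator1,ALARM_DISABLE,TANK1_HIGH_LEVEL,
"""

def classify(action, target, value):
    """Map one audit event to a risk category, or None if routine."""
    if action == "SETPOINT_WRITE" and target in LIMITS:
        low, high = LIMITS[target]
        return None if low <= float(value) <= high else "setpoint_out_of_range"
    if action == "ALARM_DISABLE":
        return "alarm_disabled"
    if action == "PASSWORD_CHANGE":
        return "password_changed"
    return None

def find_tamper_sequences(log_text, min_categories=2):
    """Return (source, first_time, categories) where one source triggers
    at least min_categories distinct risk categories within WINDOW."""
    by_source = {}
    for line in log_text.strip().splitlines():
        ts, src, _user, action, target, value = line.split(",")
        cat = classify(action, target, value)
        if cat:
            by_source.setdefault(src, []).append((datetime.fromisoformat(ts), cat))
    findings = []
    for src, events in by_source.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - start <= WINDOW}
            if len(cats) >= min_categories:
                findings.append((src, start.isoformat(), sorted(cats)))
                break  # one finding per source is enough to alert on
    return findings

if __name__ == "__main__":
    for finding in find_tamper_sequences(SAMPLE_LOG):
        print(finding)
```

A single alarm acknowledgement or in-range set point change by an operator does not trigger a finding; only the correlated sequence from one source does.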
Mitigation Recommendations
To mitigate the risks arising from hacktivist activities, CISA recommends the following proactive measures for critical infrastructure organizations:
Additionally, our expert analysts at Radiflow strongly recommend the following crucial steps to strengthen your organization’s defense:
Protecting Critical Infrastructure
This recent warning from CISA underscores the importance and urgency of cybersecurity for all critical infrastructure. It serves as a blunt reminder that even unsophisticated techniques can pose a significant physical threat to essential infrastructure and services, emphasizing the need to continuously strengthen cybersecurity defenses to safeguard critical assets.
For more information see: https://www.cisa.gov/resources-tools/resources/defending-ot-operations-against-ongoing-pro-russia-hacktivist-activity