CyberSecurity news
Sergiu Gatlan@BleepingComputer
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, EPA, and DOE, has issued a joint alert regarding escalating cyber threats targeting operational technology (OT) and industrial control systems (ICS) within critical U.S. infrastructure. These agencies are urging critical infrastructure asset owners and operators, particularly in the energy and transportation sectors, to immediately review and implement measures to strengthen their cybersecurity defenses against threats that intentionally target internet-connected OT and ICS. The alert emphasizes that while the intrusion techniques employed are often basic, poor cyber hygiene and exposed assets can significantly amplify the threat, potentially leading to severe consequences such as defacement, operational disruptions, or even physical damage.
CISA is specifically highlighting the risk posed by "unsophisticated cyber actors" targeting ICS/SCADA systems within the oil and natural gas sectors. These threat actors exploit common vulnerabilities such as default passwords, exposed devices, and misconfigured remote access, often identified through publicly available search engine tools. OT devices are deemed particularly vulnerable due to their lack of modern authentication and authorization mechanisms, making them easily discoverable and exploitable. Organizations are urged to remove OT connections from the public internet to mitigate this risk.
To address these threats, CISA recommends several immediate actions, including removing OT connections from the public internet, securing remote access with private IP connections and VPNs that use multi-factor authentication, and changing default passwords on OT systems to strong, unique credentials. The agency also emphasizes the importance of segmenting IT and OT networks to reduce the risk of disruptions to essential OT operations, limiting privileges and disabling dormant accounts, and preparing for manual operations in the event of a cyber incident. CISA advises critical infrastructure entities to identify all public-facing assets and eliminate any unintentional exposure, and to work closely with managed service providers, system integrators, and product vendors to ensure secure configurations.
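As an added illustration (not part of the alert or of any CISA tooling), the recommended checks can be run over an asset inventory to list which OT assets still violate them. The inventory format, host names, field names and the 90-day dormancy threshold are all assumptions made for this example.

```python
import ipaddress
from datetime import date

# RFC 1918 ranges; anything outside them is treated as internet-routable here.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DORMANT_DAYS = 90  # assumed threshold; the alert does not define "dormant"
# Constructed inventory. 203.0.113.10 is a documentation address standing in
# for a public one; all names and fields are hypothetical.
INVENTORY = [
    {"name": "plc-pump-01", "zone": "OT", "ip": "203.0.113.10", "default_password": True,
     "remote_access": {"vpn": False, "mfa": False},
     "accounts": [{"user": "admin", "enabled": True, "last_login": date(2023, 1, 10)}]},
    {"name": "hmi-ctrl-02", "zone": "OT", "ip": "10.20.5.7", "default_password": False,
     "remote_access": {"vpn": True, "mfa": True},
     "accounts": [{"user": "operator", "enabled": True, "last_login": date(2025, 4, 28)}]},
    {"name": "rtu-field-03", "zone": "OT", "ip": "192.168.40.9", "default_password": False,
     "remote_access": {"vpn": True, "mfa": False},
     "accounts": [{"user": "vendor", "enabled": True, "last_login": date(2024, 2, 1)},
                  {"user": "old-svc", "enabled": False, "last_login": date(2022, 6, 1)}]},
]

def audit_asset(asset, today):
    """Return findings for one asset, one per recommendation it violates."""
    findings = []
    addr = ipaddress.ip_address(asset["ip"])
    if not any(addr in net for net in PRIVATE_NETS):
        findings.append("public-ip")
    if asset["default_password"]:
        findings.append("default-password")
    remote = asset.get("remote_access")
    if remote and not (remote["vpn"] and remote["mfa"]):
        findings.append("remote-access-without-vpn-mfa")
    for acct in asset["accounts"]:
        if acct["enabled"] and (today - acct["last_login"]).days > DORMANT_DAYS:
            findings.append("dormant-account:" + acct["user"])
    return findings

def audit(inventory, today):
    """Map OT asset name -> findings, leaving out assets with none."""
    report = {}
    for asset in inventory:
        if asset["zone"] == "OT":
            found = audit_asset(asset, today)
            if found:
                report[asset["name"]] = found
    return report

if __name__ == "__main__":
    for name, found in audit(INVENTORY, date(2025, 5, 7)).items():
        print(name, "->", ", ".join(found))
```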
Classification:
- HashTags: #OTsecurity #EnergySector #CriticalInfrastructure
- Company: CISA
- Target: US Energy Sector
- Product: ICS/SCADA
- Feature: Basic Intrusion
- Type: Hack
- Severity: Medium