Article Details
Scrape Timestamp (UTC): 2025-05-07 13:23:15.020
Original Article Text
CISA warns of hackers targeting critical oil infrastructure

CISA has warned critical infrastructure organizations that "unsophisticated" threat actors are actively targeting the U.S. oil and natural gas sectors. Although these attacks use very basic tactics to compromise their targets' industrial control systems (ICS) and operational technology (OT) equipment, CISA cautioned that they can still have significant impact, including physical damage and operational disruption.

"CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems," the agency noted. "Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage."

In a joint advisory issued with the FBI, the Environmental Protection Agency (EPA), and the Department of Energy (DOE), CISA also shared detailed guidance to help network defenders reduce the risk of a breach. The agencies advised security teams to keep their organizations' attack surface as small as possible by removing public-facing OT devices from the internet: such devices are easy for threat actors to find, and many lack modern authentication and authorization mechanisms that could withstand an intrusion attempt. CISA also recommended replacing default passwords with unique, strong ones and securing remote access to OT assets through a virtual private network (VPN) that enforces phishing-resistant multifactor authentication (MFA).
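The three recommendations above (no OT services reachable from the internet, no vendor default credentials, and remote access only through a VPN with phishing-resistant MFA) can be checked mechanically against an asset inventory and the perimeter firewall ruleset. The Python script below is an added example and is not code from the advisory, from CISA, or from any vendor; the device inventory, firewall rules, default-credential list, port table and remote-access labels are all constructed for illustration, and the first-match firewall model is a simplification of how a real perimeter device evaluates rules.

```python
"""Audit an OT asset inventory against three advisory recommendations:
no OT services reachable from the internet, no vendor default credentials,
and remote access only through a VPN with phishing-resistant MFA.

Added example. The inventory, firewall rules and credential list below are
constructed for illustration and do not describe any real site.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known ICS protocol ports, used only to label findings (assumed table; extend per site).
OT_PORTS = {
    102: "Siemens S7 / ISO-TSAP",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Vendor default username/password pairs; a constructed, non-exhaustive list.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"),
    ("root", "root"), ("operator", "operator"),
}

# Remote-access labels that meet the "VPN with phishing-resistant MFA" bar
# (FIDO2 or PIV-backed VPN logins), plus devices with no remote access at all.
ACCEPTABLE_REMOTE_ACCESS = {"vpn-fido2", "vpn-piv", "none"}

# A probe source in TEST-NET-3 (RFC 5737) stands in for "anywhere on the internet".
INTERNET_PROBE_SRC = "203.0.113.10"


@dataclass(frozen=True)
class Device:
    name: str
    ip: str
    ports: tuple          # ports the device listens on
    username: str
    password: str
    remote_access: str    # "direct", "vpn-password", "vpn-fido2", "vpn-piv", "none"


@dataclass(frozen=True)
class Rule:
    src: str              # source CIDR
    dst: str              # destination CIDR
    dport: Optional[int]  # None matches any port
    action: str           # "allow" or "deny"


def reachable(rules, src_ip, dst_ip, port):
    """First-match firewall evaluation with an implicit default deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.dport in (None, port)):
            return r.action == "allow"
    return False


def audit(devices, rules):
    """Return (device, category, detail) findings, one per violated recommendation."""
    findings = []
    for d in devices:
        for port in d.ports:
            if reachable(rules, INTERNET_PROBE_SRC, d.ip, port):
                label = OT_PORTS.get(port, "tcp/%d" % port)
                findings.append((d.name, "internet_exposed", "%d (%s)" % (port, label)))
        if (d.username, d.password) in DEFAULT_CREDENTIALS:
            findings.append((d.name, "default_credentials", "%s:%s" % (d.username, d.password)))
        if d.remote_access not in ACCEPTABLE_REMOTE_ACCESS:
            findings.append((d.name, "weak_remote_access", d.remote_access))
    return findings


# Constructed inventory: three field devices on an OT VLAN.
DEVICES = (
    Device("rtu-01", "10.20.0.11", (502, 80), "admin", "admin", "direct"),
    Device("hmi-02", "10.20.0.12", (80, 443), "operator", "Xk7!v9q$Lm2#", "vpn-fido2"),
    Device("plc-03", "10.20.0.13", (102,), "admin", "1234", "vpn-password"),
)

# Constructed perimeter ruleset. The first rule is a leftover port-forward that
# exposes the RTU's Modbus service to the whole internet.
RULES_BEFORE = (
    Rule("0.0.0.0/0", "10.20.0.11/32", 502, "allow"),
    Rule("10.0.0.0/8", "10.20.0.0/24", None, "allow"),
    Rule("0.0.0.0/0", "10.20.0.0/24", None, "deny"),
)

# Remediated ruleset: the port-forward is removed, so only the internal range reaches the OT VLAN.
RULES_AFTER = RULES_BEFORE[1:]


if __name__ == "__main__":
    for label, rules in (("before", RULES_BEFORE), ("after", RULES_AFTER)):
        print("== %s ==" % label)
        for device, category, detail in audit(DEVICES, rules):
            print("%-8s %-20s %s" % (device, category, detail))
```

Against the "before" ruleset the script reports five findings: the RTU's Modbus service is reachable from the internet, two devices still use default credentials, and two devices are reached either directly or through a password-only VPN. Dropping the port-forward removes the exposure finding but leaves the credential and remote-access findings, which is the point of checking all three recommendations together rather than stopping at the firewall. In practice the `remote_access` label would come from the VPN concentrator's authentication policy rather than from a hand-maintained field.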
The joint advisory also recommends segmenting IT and OT networks, using demilitarized zones (DMZs) to separate local area networks from untrusted networks, and practicing the reversion to manual controls so that operations can be restored quickly in the event of an incident.

"Business continuity and disaster recovery plans, fail-safe mechanisms, islanding capabilities, software backups, and standby systems should all be routinely tested to ensure safe manual operations in the event of an incident," the agencies said. "The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT."

This advisory follows a December warning from CISA and the EPA that water facilities should secure their internet-exposed Human Machine Interfaces (HMIs) against cyberattacks. Three months before that, CISA also reported that threat actors were attempting to breach critical infrastructure networks (including water and wastewater systems) by targeting internet-exposed industrial devices with default credentials and "unsophisticated" methods such as brute-force attacks.
Daily Brief Summary
CISA has alerted that basic cyber attack techniques are being used to target U.S. oil and natural gas infrastructure.
Threats could cause operational disruptions, physical damage, and compromise of industrial control systems and operational technology.
Despite the simplicity of the attack methods, the impact is potentially significant due to poor cybersecurity practices in critical infrastructure sectors.
The joint advisory from CISA, the FBI, the EPA, and the DOE provides guidance for reducing risk, including removing public-facing OT devices from the internet and replacing default passwords with unique, strong ones.
It also advises securing remote access with VPNs that enforce phishing-resistant multifactor authentication, segmenting IT and OT networks with demilitarized zones (DMZs), and maintaining robust failover and recovery processes.
Practicing manual control operations and routine testing of emergency protocols were emphasized to ensure resilience against disruptions.
Regular collaboration with third-party service providers was recommended for additional security support and tailored defensive strategies.