Industrial systems are under threat from relatively inexperienced hackers, according to alerts issued by CISA and the FBI.
In a recent advisory, security agencies have urged leaders in critical infrastructure sectors to strengthen their cybersecurity measures, particularly for operational technology (OT) environments that are exposed to the internet. The warning specifically concerns key sectors such as the oil and gas industry, energy, and transportation, with a focus on smaller entities like power companies and water treatment facilities.
The advisory emphasizes the importance of adopting VPNs with strong passwords and multifactor authentication for remote access to OT networks. It also advises securing remote access using a private IP network and removing OT connections from the public internet. The guidance is similar to previous warnings about threat actors targeting drinking and wastewater treatment providers and small power companies.
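The three controls the advisory calls for (no OT connection reachable from the public internet, remote access only through a VPN on a private IP network, and VPN logins protected by strong passwords plus MFA) can be checked against an asset inventory. The following is an added example, not code from the advisory or the article; the inventory entries, hostnames, addresses and the 14-character password policy are constructed assumptions.

```python
import ipaddress

# Constructed sample inventory of OT remote-access paths (all values made up).
INVENTORY = [
    {"asset": "plc-boiler-01", "addr": "10.20.5.14", "access": "vpn",
     "mfa": True, "min_pw_len": 14},
    {"asset": "hmi-pumpstation", "addr": "23.45.67.89", "access": "direct",
     "mfa": False, "min_pw_len": 8},
    {"asset": "rtu-substation-3", "addr": "172.16.40.7", "access": "vpn",
     "mfa": False, "min_pw_len": 16},
    {"asset": "hist-server", "addr": "192.168.100.9", "access": "vpn",
     "mfa": True, "min_pw_len": 8},
]

STRONG_PW_MIN = 14  # assumed local policy; the advisory itself gives no number


def audit_asset(entry):
    """Return the list of advisory controls this asset fails (empty = compliant)."""
    findings = []
    addr = ipaddress.ip_address(entry["addr"])
    # Control 1: OT endpoints must not sit on globally routable addresses.
    # is_global is False for RFC 1918 space, loopback, link-local, CGNAT, etc.
    if addr.is_global:
        findings.append("exposed-to-internet")
    # Control 2: remote access only through a VPN on the private network.
    if entry["access"] != "vpn":
        findings.append("no-vpn")
    # Control 3: VPN accounts need MFA and a strong password policy.
    if not entry["mfa"]:
        findings.append("no-mfa")
    if entry["min_pw_len"] < STRONG_PW_MIN:
        findings.append("weak-password-policy")
    return findings


def audit_inventory(inventory):
    """Map each asset name to its findings so the gaps can be prioritized."""
    return {e["asset"]: audit_asset(e) for e in inventory}


if __name__ == "__main__":
    for asset, findings in audit_inventory(INVENTORY).items():
        print(f"{asset:18} {'OK' if not findings else ', '.join(findings)}")
```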
Paul Shaver, Mandiant's global practice lead for OT/ICS security, has described basic cyber hygiene in OT environments as lacking. He emphasized the importance of building a sound perimeter and defendable environments to protect these critical assets.
Recent years have seen examples of industrial control systems (ICS) and OT environments being targeted by unsophisticated threat actors. The organizations operating them, which are often smaller and have limited cybersecurity resources, represent attractive targets because of the potentially significant impact of a disruption.
The broader cyber threat landscape includes ransomware and supply chain attacks impacting critical suppliers. For instance, the UNFI cyberattack affected supply chains serving major grocery distributors. While UNFI is not part of critical infrastructure, it serves as a reminder of how operational disruption can cascade through supply chains.
The evolving threat environment also includes increased targeting of AI and automated systems used in OT, as well as the use of signed malicious drivers to perform kernel-level attacks.
Paul Shaver encourages every asset owner to prioritize these security improvements. The advisory, co-authored by the U.S. Department of Energy and the Environmental Protection Agency, does not provide specific details on the three major security improvements it recommends. However, it reiterates the need for heightened cybersecurity in these critical infrastructure areas to prevent operational and public health impacts.
- The advisory for leaders in critical infrastructure sectors, such as the oil and gas industry, energy, and transportation, stresses the necessity of using VPNs with strong passwords and multifactor authentication for accessing operational technology (OT) networks.
- Paul Shaver, a global practice lead for OT/ICS security, has pointed out the need to strengthen cybersecurity in OT environments, noting that they often lack basic cyber hygiene.
- The threat landscape in recent years has expanded to include unsophisticated threat actors targeting industrial control systems (ICS) and OT environments, particularly smaller entities with limited cybersecurity resources.
- The evolving threat environment now includes increased targeting of AI and automated systems used in OT, as well as the use of signed malicious drivers to execute kernel-level attacks.