CISA: Hackers target industrial systems using “unsophisticated methods”

Summary: CISA has issued a warning about threat actors attempting to breach critical infrastructure networks, particularly targeting Internet-exposed industrial devices through unsophisticated methods like brute force attacks and default credentials. These attacks are affecting operational technology (OT) and industrial control systems (ICS), notably in water and wastewater systems.

Threat Actor: Pro-Russian hacktivists
Victim: Water and Wastewater Systems (WWS) Sector

Key Points:

  • CISA warns of ongoing attacks on critical infrastructure OT and ICS devices, particularly in water treatment facilities.
  • Attackers are using unsophisticated techniques such as brute force attacks and default credentials to exploit vulnerabilities.
  • Operators are advised to implement security measures like changing default passwords and enabling multifactor authentication to protect against these threats.
  • Recent incidents, including a cyberattack on Arkansas City, highlight the urgent need for improved cybersecurity practices in the water sector.
  • State and federal agencies are collaborating to enhance defenses against cyberattacks targeting water systems.

CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using “unsophisticated” methods like brute force attacks and default credentials.

According to the cybersecurity agency, these ongoing attacks targeting critical infrastructure OT and ICS devices are also impacting water and wastewater systems.

OT devices integrate hardware and software and help monitor and control physical processes in manufacturing, critical infrastructure, and other industries. In water treatment plants, for instance, they regulate water treatment processes, distribution, and pressure, ensuring a continuous and safe water supply.

“CISA continues to respond to active exploitation of internet-accessible operational technology (OT) and industrial control systems (ICS) devices, including those in the Water and Wastewater Systems (WWS) Sector,” CISA warned on Wednesday.

“Exposed and vulnerable OT/ICS systems may allow cyber threat actors to use default credentials, conduct brute force attacks, or use other unsophisticated methods to access these devices and cause harm.”

The cybersecurity agency advised OT/ICS operators in critical infrastructure sectors at risk of attack to defend against malicious activity by applying measures shared in a May advisory when it warned of pro-Russian hacktivists targeting water facilities.

As CISA said at the time, these hacktivists have targeted insecure and misconfigured OT devices since 2022 to disrupt operations or create what it described as “nuisance effects” in attacks “mostly limited to unsophisticated techniques.”

To protect against such attacks, defenders can change default passwords, enable multifactor authentication, place human-machine interfaces (HMIs) behind firewalls, harden VNC installs, and apply the latest security updates to improve the overall security posture of their IT environments.

“This year we have observed pro-Russia hacktivists expand their targeting to include vulnerable North American and European industrial control systems,” said Dave Luber, NSA’s Director of Cybersecurity, in May.

Today’s advisory comes after Arkansas City, Kansas, revealed that a Sunday morning cyberattack forced it to switch its water treatment facility to manual operations. Last week, the U.S. Environmental Protection Agency (EPA) also issued guidance to help WWS owners and operators evaluate their cybersecurity practices and identify measures to reduce cyberattack exposure.

In March, the White House and EPA sought the support of state governors to defend water systems from cyberattacks, while the U.S. government sanctioned two Russian cybercriminals for targeting the water sector in July. In recent years, Iranian and Chinese state-backed hacking groups have also been linked to U.S. water system breaches.

Source: https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods