TLDR:
– Global agencies are warning of increased cyberattacks against operational technology (OT) devices
– Pro-Russia hacktivist groups are targeting small-scale industrial control systems in critical infrastructure

In recent months, global federal agencies have raised concerns about a rise in cyberattacks by pro-Russia hacktivist groups targeting operational technology (OT) devices in critical infrastructure across North America and Europe. These agencies, including CISA, the FBI, the NSA, and others, have observed these threat actors compromising small-scale industrial control systems, such as human-machine interfaces (HMIs), used in sectors including water/wastewater, dams, energy, and food/agriculture.
The hacktivists are targeting these systems through relatively unsophisticated techniques like exploiting publicly exposed internet connections, using default or weak passwords, and remotely manipulating HMI settings. While the physical disruptions caused by these attacks have been limited so far, authorities warn that the potential for greater impacts is significant if vulnerabilities are not addressed.
The advisory from these agencies includes recommendations for critical infrastructure owners and OT manufacturers to improve their cybersecurity defenses. Key suggestions include disconnecting internet-exposed HMIs/controllers, implementing strong passwords, requiring multi-factor authentication, and ensuring devices are patched and up to date. Manufacturers are also urged to eliminate default passwords and include logging in their devices.
Overall, the warning highlights the importance of securing OT devices in critical infrastructure to prevent potentially damaging cyberattacks from hacktivist groups. Organizations are encouraged to report any suspicious incidents promptly to the relevant authorities to mitigate risks.