The US cybersecurity agency CISA, the FBI, EPA, and the DoE on Tuesday issued an alert to warn organizations of cyberattacks targeting the country’s oil and natural gas sector.
The observed attacks, the government agencies say, leverage basic intrusion techniques, but the lack of poor cyber hygiene within critical infrastructure organizations could lead to disruptions and even physical damage.
“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems,” the cybersecurity agency notes.
The unsophisticated threat actors CISA is referring to are likely hacktivist groups – or hackers claiming to be hacktivists. In recent years, many such groups have targeted SCADA and other ICS that were left exposed to the internet and either completely unprotected or accessible with default passwords.
The hackers’ claims are in many cases exaggerated, but industrial cybersecurity experts often warn that these attacks could have a significant impact.
In their alert, CISA, the FBI, EPA, and the DoE urge critical infrastructure organizations to “act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS.”
To defend against these threats, organizations should ensure that OT systems are not directly accessible from the internet and that remote access to them is properly secured with VPNs, strong passwords, and phishing-resistant multifactor authentication (MFA).
They should also identify and immediately rotate default passwords, apply network segmentation for critical systems, and ensure they can operate OT systems manually.
Additionally, organizations are advised to work with relevant entities to identify and address misconfigurations that may be introduced during standard operations, default product configurations, or by system integrators or managed service providers.
“The authoring organizations recommend that critical infrastructure organizations regularly communicate with their third-party managed service providers, system integrators, and system manufacturers who may be able to provide system-specific configuration guidance as they work to secure their OT,” CISA, the FBI, EPA, and the DoE note.
CISA also recommends that critical infrastructure organizations review and implement the resources that the agency has made available over the recent years to help them reduce the attack surface, implement network segmentation, adopt secure by design principles and phishing-resistant MFA, and more.
Related: White House Proposal Slashes Half-Billion From CISA Budget
Related: CISA Warns of Exploited Broadcom, Commvault Vulnerabilities
Related: CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
Related: CISA, FBI Warn of China-Linked Ghost Ransomware Attacks