Pro-Russia hacktivists are targeting operational technology systems in the water, energy and agricultural sectors by exploiting poor cyber hygiene techniques.
Threat groups are looking to compromise industrial control systems at small-scale operations in Europe and North America that are exposed to the Internet and use default passwords or lack multifactor authentication, officials warned.
The targeting thus far has involved unsophisticated techniques that target components like human-machine interfaces. The agencies urged providers to immediately change to more complex passwords and implement multifactor authentication.
The warning follows months of threat activity targeting water and wastewater treatment facilities, which began in late 2023 from threat groups linked to Iran’s Islamic Revolutionary Guard Corps.
White House and Environmental Protection Agency officials in March urged state homeland security experts to submit plans to secure water and wastewater treatment facilities by 20 May.
Volt Typhoon, a state-linked group affiliated with the People’s Republic of China, has also been active against the US’ water sector and FBI Director Chris Wray warned in an April speech about state-sponsored activity targeting multiple critical infrastructure sectors.
“Now, these pro-Russia hacktivists have been compromising internet-exposed industrial control systems, largely through the use of insecure configurations, like factory default weak passwords and a lack of multifactor authentication,” Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity & Infrastructure Security Agency (CISA), told reporters on a conference call Wednesday.
The activity thus far has mainly involved hackers conducting nuisance activity, like manipulating human-machine interfaces so the operators have to revert to manual use, Goldstein said. The concern is hackers may be able to take control over these systems and engage in more dangerous activities.
Goldstein said technology vendors need to help make these products more secure, so that users do not have to constantly change security settings when they take their products out of the box.
“Operational technology is commonly used across the food and agriculture sector, and organizations are encouraged to implement best practices to defend these systems from foreign adversaries,” Jonathan Braley, Director of the Food and Ag-ISAC, said via e-mail.
Providers should take mitigation steps including disconnecting human-machine interfaces from the public-facing Internet and make backups of the engineering logic, configurations and firmware to enable fast recovery
News Wires