The Cybersecurity and Infrastructure Security Agency (CISA) has warned of ongoing attacks targeting critical infrastructure networks by exploiting internet-exposed industrial devices using simple methods like brute force attacks and default credentials. The agency emphasized that these attacks are impacting water and wastewater systems.
OT devices, which integrate hardware and software, help monitor and control physical processes in industries such as manufacturing and water treatment plants. In the latter, they regulate water treatment processes, distribution, and pressure to ensure a continuous and safe water supply.
CISA advised OT/ICS operators in critical infrastructure sectors at risk of attack to defend against malicious activity by applying measures shared in a May advisory. This includes changing default passwords, enabling multifactor authentication, placing human-machine interfaces behind firewalls, hardening VNC installs, and applying the latest security updates to their IT environments.
The agency’s warning comes after an Arkansas City, Kansas, water treatment facility was forced to switch to manual operations due to a cyberattack on Sunday. The U.S. Environmental Protection Agency (EPA) also issued guidance to help WWS owners and operators evaluate their cybersecurity practices and identify measures to reduce cyberattack exposure.
Source: https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods/