Hackers are increasingly targeting internet-connected operational technology (OT) and industrial control system (ICS) endpoints, a stark warning from the US Cybersecurity and Infrastructure Security Agency (CISA) has said.
In its warning, the agency did not say who the hackers are, but hinted they might be Russian, claiming hackers are going after devices through “unsophisticated means” – mostly brute-force attacks, and are trying to log into the devices by using default credentials.
They seem to be successful, too, and in many instances, they are compromising devices in the Water and Wastewater Systems (WWS) Sector. This allows them to do real-life, physical harm, since these devices regulate water treatment processes, distribution, and pressure. By targeting endpoints in the WWS sector, they could disrupt the continuous, safe water supply for many people.
Attacks on the rise
To defend their devices, OT and ICS operators in critical infrastructure sectors should apply the recommendations listed in Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity article, CISA stressed. The agency also urged organizations to visit CISA’s Secure by Design web page and learn more about the secure-by-design principles and practices.
CISA is hardly the first agency to warn about OT systems being hit as hard as never before. In mid-June 2024, Fortinet gave a similar assessment, after surveying more than 550 OT pros around the world, having found almost three quarters (73%) of businesses faced OT attacks this year.
In 2023, this figure was 49%, suggesting a significant increase in mere 12 months.
It’s not just about the breadth of the attacks, either. The frequency has also significantly increased, as a third (31%) of respondents reported more than six intrusions in the past year. The year before, just 11% reported the same thing.
Fortinet suggests cybercriminals have been quick to adapt to current security measures, while organizations lagged behind.
Via BleepingComputer