Multiple US government agencies, including CISA, the FBI, EPA, and DoE, have issued an alert about cyberattacks targeting the country’s oil and natural gas infrastructure. The attacks mainly involve basic intrusion techniques, but poor cybersecurity practices could lead to significant disruptions or physical damage. (Affected: US critical infrastructure systems)
Keypoints :
- Cyberattack threats are specifically targeting industrial control systems (ICS) and SCADA systems within the oil and natural gas sectors.
- Most observed attacks use unsophisticated techniques, often exploiting exposed internet-facing systems with default or weak passwords.
- Organizations are urged to enhance cybersecurity by securing OT systems, disabling direct internet access, and implementing strong remote access controls.
- Recommendations include rotating default passwords, applying network segmentation, and ensuring manual operation capabilities for critical systems.
- Critical infrastructure entities should collaborate with third-party providers to address misconfigurations and improve system security.
- The agencies recommend utilizing available resources to reduce attack surfaces, adopt secure design principles, and implement multifactor authentication resistant to phishing.
- Continuous communication with system integrators and diligent cybersecurity practices are essential to prevent exploitation.
Read More: https://www.securityweek.com/us-warns-of-hackers-targeting-ics-scada-at-oil-and-gas-organizations/