The US Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms about a surge in cyberattacks on operational technology (OT) and industrial control systems (ICS).
These systems, which are crucial for the functioning of critical infrastructure, are increasingly falling victim to hackers employing brute force tactics to gain unauthorized access.
This warning comes against a backdrop of growing concerns regarding cybersecurity, particularly in sectors that are vital for public safety, such as water and wastewater management.
Brute Force Attacks on OT Systems
CISA has specifically highlighted that cybercriminals are primarily using basic brute-force methods to target internet-connected devices in OT and ICS environments.
This approach involves attempting to log in to systems using default credentials, a strategy that is alarmingly effective. Although CISA refrained from naming specific groups behind these attacks, there are indications that some of these hackers may have links to Russian cyber entities.
Their focus appears to be on infiltrating systems that manage water treatment processes, distribution networks, and pressure controls, which could lead to significant public health risks if compromised.
The implications of such breaches are dire; hackers can disrupt water supply systems, which directly affects millions of people.
A successful intrusion into these systems could lead to contamination or interruptions in service, threatening the health and safety of communities.
Rising Frequency of Cyberattacks
This warning from CISA aligns with findings from Fortinet, a prominent cybersecurity firm, which recently conducted a survey involving over 550 professionals in the OT sector worldwide.
The results were striking—73% of respondents reported experiencing cyberattacks this year, a significant jump from 49% in 2023.
The alarming increase indicates a growing trend where cybercriminals are swiftly adapting their tactics to bypass existing security measures, leaving organisations struggling to keep up.
Furthermore, the frequency of these attacks has escalated alarmingly. The survey revealed that 31% of respondents encountered more than six cyber intrusions over the past year.
This statistic stands in stark contrast to the previous year, when only 11% reported a similar experience. It is evident that the threat landscape is evolving, with attackers becoming more aggressive and persistent.
Recommendations for Protection
CISA has urged operators of OT and ICS in critical infrastructure sectors to take proactive measures to secure their systems.
The agency recommends following best practices outlined in the “Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity” article.
Organisations are encouraged to explore CISA’s Secure by Design webpage, which offers valuable insights into secure-by-design principles and practices.
Implementing strong security protocols is paramount. This includes regularly changing default passwords, employing multi-factor authentication, and ensuring that all software and systems are up to date with the latest security patches.
By taking these steps, operators can significantly reduce their vulnerability to cyberattacks.