US govt warns of pro-Russian hacktivists targeting water facilities

The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems to disrupt critical infrastructure operations.

The joint advisory comes from six US govt agencies, including CISA, FBI, NSA, EPA, DOE, USDA, and FDA, as well as:

- the Multi-State Information Sharing and Analysis Center (MS-ISAC),
- Canada's Centre for Cyber Security (CCCS), and
- United Kingdom's National Cyber Security Centre (NCSC-UK).
OT devices are a combination of hardware and software platforms used to monitor and control physical processes or activities in manufacturing, critical infrastructure, and other industries. For example, water plants use OT devices to manage water treatment, distribution, and pressure to provide a continuous and safe water supply.

In an advisory released today, the US government warns that pro-Russian hacktivists have been targeting insecure and misconfigured OT devices since 2022 to disrupt operations or create "nuisance effects."

"Pro-Russia hacktivist activity against these sectors appears mostly limited to unsophisticated techniques that manipulate ICS equipment to create nuisance effects," reads the joint advisory.

"However, investigations have identified that these actors are capable of techniques that pose physical threats against insecure and misconfigured OT environments."

The government says that many of the attacks are exaggerated, but some recent attacks in 2024 led to a bit more disruption.
A pro-Russian hacktivist group known as the Cyber Army of Russia has claimed to be behind attacks on Texas and Indiana water treatment and processing plants, as well as water infrastructure in Poland and France.

While the Texas water facility confirmed an attack caused a tank to overflow, the Indiana wastewater treatment plant told CNN they were targeted but not breached.

While the Cyber Army and other groups claim to be hacktivists, a recent Mandiant report linked the group to the Sandworm hackers, an advanced persistent threat actor tracked as APT44 and linked to Russia's Main Intelligence Directorate (GRU), the country's foreign military intelligence agency.
Mitigating attacks on OT devices

The advisory warns that government agencies have seen these hacktivists targeting OT devices through different techniques, mainly utilizing VNC:

- Using the VNC Protocol to access human machine interfaces (HMIs) and make changes to the underlying OT. VNC is used for remote access to graphical user interfaces, including HMIs that control OT systems.
- Leveraging the VNC Remote Frame Buffer Protocol to log into HMIs to control OT systems.
- Leveraging VNC over Port 5900 to access HMIs by using default credentials and weak passwords on accounts not protected by multifactor authentication.
To protect against these attacks, the advisory offers a wide range of steps, including putting HMIs behind firewalls, hardening VNC installs, enabling multifactor authentication, applying the latest security updates, changing default passwords, and increasing the overall security posture of IT environments.
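One way a water utility's SOC could check whether the "HMIs behind firewalls" step is actually holding is to review allowed connections to the VNC port range on the HMI segment. The script below is an added example, not code from the advisory or from BleepingComputer; the log format, the HMI subnet (10.20.0.0/24), the internal address ranges and the engineering jump host 10.20.0.2 are all assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample firewall log lines (not from the advisory). Assumed format:
# "src=<ip> dst=<ip> dport=<port> action=<allow|deny>"; HMIs live in 10.20.0.0/24.
SAMPLE_LOGS = """\
src=203.0.113.45 dst=10.20.0.15 dport=5900 action=allow
src=10.20.0.2 dst=10.20.0.15 dport=5900 action=allow
src=198.51.100.7 dst=10.20.0.16 dport=5901 action=allow
src=203.0.113.45 dst=10.20.0.15 dport=5900 action=allow
src=10.50.1.9 dst=10.20.0.15 dport=5900 action=allow
src=203.0.113.45 dst=10.20.0.15 dport=502 action=deny
""".splitlines()

VNC_PORTS = range(5900, 5910)                     # 5900 plus extra VNC display ports
HMI_NET = ipaddress.ip_network("10.20.0.0/24")    # assumed HMI segment
INTERNAL_NETS = [ipaddress.ip_network(n) for n in  # assumed corporate ranges
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_SOURCES = {"10.20.0.2"}                   # hypothetical engineering jump host
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)")


def find_vnc_exposure(lines):
    """One alert per allowed VNC session to an HMI from a non-approved source.
    Sources outside the internal ranges are 'high' (HMI reachable from the Internet);
    other internal hosts are 'medium' (missing IT/OT firewall rule or lateral access).
    """
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport, action = m.groups()
        if action != "allow" or int(dport) not in VNC_PORTS:
            continue
        if ipaddress.ip_address(dst) not in HMI_NET or src in ALLOWED_SOURCES:
            continue
        src_ip = ipaddress.ip_address(src)
        internal = any(src_ip in net for net in INTERNAL_NETS)
        alerts.append({"src": src, "dst": dst, "port": int(dport),
                       "severity": "medium" if internal else "high"})
    return alerts


def hits_per_source(alerts):
    """Count alerts per source; repeated hits on one HMI suggest credential guessing."""
    return Counter(a["src"] for a in alerts)
```

Any "high" alert means the firewall is not in front of the HMI for that path, which is the first mitigation the advisory lists; "medium" alerts are where to look for accounts still on default passwords or without MFA.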