- Agencies warn of attacks on ATG systems
- Attackers exploit weak credentials and SQL injection
- Mitigation includes stronger passwords and removing internet exposure
Critical infrastructure organizations should move to harden their Automatic Tank Gauge (ATG) systems to defend against ongoing attacks. This is the warning given earlier this week by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and other agencies.
In a joint press release, those agencies said they were “aware of malicious cyber activity targeting US-based automatic tank gauging systems.”
“The author organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the Internet to reduce public exposure.”
A list of remedies
ATG systems are monitoring devices used in fuel storage tanks that automatically measure fuel levels, temperature, potential leaks and other vitals that help operators manage inventory and detect problems early.
The agencies could not attribute the ongoing attacks to any specific threat actor or nation state, but said what businesses should be aware of. Apparently, the attackers use either hard-coded credentials, command execution and SQL Injection attacks, or privilege escalation to gain access to the devices.
Once inside, attackers usually change system attributes (network settings, product identifiers, tank volumes, pump controls), compound operational errors, and disable system alarms.
The advisory lists a number of things organizations can do to mitigate risk, including eliminating public Internet exposure, limiting access, and enforcing tighter credential security. The full list of suggested remedies can be found at this link.
Securing critical infrastructure has always been a challenge for nation states, and now with the advent of artificial intelligence, it has only become more difficult. To that end, Britain’s GCHQ debuted the world’s first AI cyber defense system earlier this week
In an annual lecture held earlier this week at Bletchley Park, GCHQ director Anne Keast-Bulter laid out the plans for the shield, saying that Russia and China pose an ever-increasing cyber threat to Britain’s national interests and way of life.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
