- CISA warns of ‘unsophisticated’ attacks aimed at oil and gas industries
- ‘Basic and elementary’ techniques are used
- Critical infrastructure is increasingly at risk for cyberattacks
The US Cyber Security and Infrastructure Security Agency (CISA) has released a warning that outlines an increase in ‘unsophisticated’ and ‘basic’ cyberattacks targeted at industrial control systems and monitoring control and data collection (ICS/SCADA) systems in critical infrastructure sectors – oil and gas industry.
This is not entirely unexpected as critical infrastructure has long been a top target for cyber criminals. The services that these industries provide are often the key to many daily lives, so any downtime can be disastrous and expensive – which means attackers have serious leverage if they are able to access systems.
The attacks that have been observed, especially against energy and transport systems, often include ‘basic and elementary penetration techniques’, confirm CISA – but even basic attacks can harm an organization under the right conditions.
Cyberhygiene
Poor cyber hygiene and exposed assets can escalate these threats, CISA warns and can lead to “significant consequences such as rejection, configuration changes, operational disorders and in severe cases physical injury.”
Guide to critical infrastructure on threat protection often includes robust detection functions, frequent and up -to -date patching of known vulnerabilities, enforcement of strict password policies that require strong and unique passwords at all times, and educational personnel at all levels of basic cyber security.
“The author organizations are calling on critical infrastructure devices to review and act now to improve their cyber security position against cyber threat activities specifically and intentionally targeted Internet connections OT and ICS,” Cisa’s counseling inventory outlines.
Critical infrastructure faces a difficult set of challenges as rising geopolitical tensions are seeing hackers increasingly targeting key industries, and the development of AI tools means that barriers to the input are now lower for cyber criminals capable of sending attacks on a much higher frequency and requiring much less lessering the increase in ” basic ” basic ” basic ” basic ”
