- CISA warns of 'unsophisticated' attacks targeting oil and gas industries
- 'Basic and elementary' techniques are being used
- Critical infrastructure is increasingly at risk from cyberattacks
The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning outlining an increase in ‘unsophisticated’ and ‘basic’ cyberattacks targeting Industrial Control Systems and Supervisory Control and Data Acquisition (ICS/SCADA) systems in critical infrastructure sectors - the oil and gas industries.
This isn’t entirely unexpected, as critical infrastructure has long been a top target for cybercriminals. The services that these industries provide are often key to the daily lives of many, so any downtime can be catastrophic and costly - meaning that attackers have serious leverage if they are able to gain systems access.
The attacks that have been observed, particularly against Energy and Transportation Systems, often include ‘basic and elementary intrusion techniques’, CISA confirms - but even basic attacks can harm an organization in the right conditions.
Cyber Hygiene
Poor cyber hygiene and exposed assets can escalate these threats, CISA warns, and can lead to “significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage.”
Guidance for critical infrastructure on threat protection often includes robust detection capabilities, frequent and up-to-date patching of known vulnerabilities, enforcing strict password policies mandating strong and unique passwords are used at all times, and training staff on all levels in the basics of cybersecurity.
“The authoring organizations urge critical infrastructure entities to review and act now to improve their cybersecurity posture against cyber threat activities specifically and intentionally targeting internet connected OT and ICS,” CISA’s guidance fact sheet outlines.
Critical infrastructure is facing a difficult set of challenges as rising geopolitical tensions see hackers increasingly target key industries, and developments in AI tools mean that the barriers of entry are now lower for cybercriminals, who are able to send out attacks at a much higher frequency and that require much less skill - perhaps explaining the increase in ‘‘basic and elementary” techniques.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- M&S checkout chaos persists as cyberattack fallout continues
