Pro-Russian hacktivists have been targeting important technology used in water, wastewater, energy, dam and other key sectors in North America and Europe, according to international government agencies.
The international advisory released last week explained that these hacktivists are exploiting vulnerabilities in cyber defenses to disrupt operations and even pose physical threats in some cases.
The advisory highlights the sectors affected, including water, wastewater, energy, dams, food, and agriculture. It warns that these hacks are exploiting weaknesses in industrial control systems and other devices crucial for maintaining and monitoring industrial processes.
The advisory also provides guidance on defending operational technology (OT) devices and industrial control systems (ICS), which are involved in the maintenance, monitoring or controlling of industrial processes.
While the hacktivists' techniques are described as relatively unsophisticated, they have managed to create disturbances by tampering with equipment settings. For example, they have caused water pumps and other machinery to exceed safe operating levels, leading to minor incidents like tank overflow.
One specific incident mentioned in the report occurred in Muleshoe, Texas, where Russian hacktivists claimed responsibility. Although the advisory does not explicitly link these activities to known groups like Sandworm, a Russian military intelligence operation, there are suspicions of their involvement.
To mitigate these threats, the advisory suggests immediate actions such as changing default passwords to strong, unique ones and limiting the exposure of industrial control systems on the internet. Additionally, implementing multi-factor authentication is recommended to enhance security.
Government officials emphasized the importance of technology vendors incorporating robust security measures into their products by default. This includes configuring systems to require users to set unique passwords upon installation, rather than relying on factory default settings.
The advisory was jointly produced by CISA, Federal Bureau of Investigation, National Security Agency, Environmental Protection Agency, Department of Energy, Department of Agriculture, Food and Drug Administration, Multi-State Information Sharing and Analysis Center, Canadian Centre for Cyber Security and the United Kingdom’s National Cyber Security Centre.
