- CISA warns of ‘little sophisticated’ attacks aimed at oil and gas industries
- ‘Basic and elementary’ techniques are being used
- Critical infrastructure is increasingly at risk of cyber attacks
The United States cybersecurity and infrastructure security agency (CISA) has published a warning that describes an increase in ‘non -sophisticated’ and ‘basic’ cyber systems aimed at industrial control systems and supervision control and data acquisition (ICS/SCAD) in critical infrastructure sectors: oil and gas industries.
This is not entirely unexpected, since critical infrastructure has long been a main objective for cybercriminals. The services provided by these industries are often key to the daily life of many, so any inactivity time can be catastrophic and expensive, which means that attackers have a serious influence if they can obtain access to systems.
The attacks that have been observed, particularly against energy and transport systems, often include ‘basic and elementary intrusion techniques’, CISA confirms, but even basic attacks can damage an organization in the right conditions.
Cyber hygiene
Bad cybernetic hygiene and exposed assets can climb these threats, CISA warns, and can lead to “significant consequences such as embezzlement, configuration changes, operational interruptions and, in severe cases, physical damage.”
The orientation for critical infrastructure on the protection of threats often includes solid detection capabilities, frequent and updated patches of known vulnerabilities, applying strict password policies that require strong and unique passwords at all times, and training personnel at all levels in basic cybersecurity concepts.
“Authors’ organizations urge critical infrastructure entities to review and act now to improve their cyber security position against specific and intentionally and intentionally cybernetic threat activities connected to the Internet and ICS,” describes the CISA guide data sheet.
Critical infrastructure faces a difficult set of challenges, since the increase in geopolitical tensions considers that computer pirates are increasing “Basic”.
