As Pro-Russia Hactivists Target OT Systems, Here’s What You Need To Know
2024-5-3 01:48:0 Author: www.tenable.com(查看原文) 阅读量:13 收藏

Marty Edwards

As Pro-Russia Hactivists Target OT Systems, Here’s What You Need To Know

U.S. and international cybersecurity and law enforcement agencies this week issued a joint fact sheet to highlight and safeguard against the continued malicious cyber activity conducted by pro-Russia hacktivists against operational technology (OT) devices in North America and Europe. Read on to get all the details and learn what actions to take today.

Against the backdrop of the third anniversary of the Colonial Pipeline attack on May 7, a group of cybersecurity and law enforcement agencies from the U.S., Canada and the U.K. published a fact sheet warning that pro-Russia hacktivists are targeting and compromising small-scale operational technology (OT) systems in North American and European sectors, including water and wastewater systems (WWS); dams; energy; and food and agriculture. According to the document, this malicious activity has been observed since 2022 and as recently as April 2024.

It’s the latest warning that bad actors and nation states have new avenues through which they can wreak havoc and tamper with or shut down critical infrastructure by exploiting vulnerabilities in increasingly converging IT and OT systems. 

What you need to know

Various government agencies have warned in recent years that pro-Russia hacktivists are gaining remote access to OT systems by exploiting publicly exposed internet-facing connections and taking advantage of outdated remote access Virtual Network Computing (VNC) software. These hacktivists also exploit users’ human machine interface (HMIs) factory-default passwords, as well as weak passwords without multi-factor authentication.

This latest fact sheet warns that pro-Russia hacktivists were observed in early 2024 using a variety of techniques to gain remote access to HMIs and make changes to the underlying OT. These techniques include:

  • Using the VNC protocol to access HMIs and make changes to the underlying OT. VNC is used for remote access to graphical user interfaces, including HMIs that control OT systems.
  • Leveraging the VNC Remote Frame Buffer protocol to log in to HMIs to control OT systems.
  • Leveraging VNC over Port 5900 to access HMIs by using default credentials and weak passwords on accounts not protected by multi-factor authentication.

After having their HMIs manipulated, victims reported limited physical disruptions from water pumps and blower equipment exceeding their normal operating parameters. In each case, the hacktivists maxed out set points, altered other settings, turned off alarm mechanisms, and changed administrative passwords to lock out the WWS operators. Some victims experienced minor tank overflow events, but most victims reverted to manual controls in the immediate aftermath and quickly restored operations.

What you need to do

The fact sheet recommends taking the following actions: 

  • Immediately change all default passwords of OT devices (including PLCs and HMIs), and use strong, unique passwords
  • Limit exposure of OT systems to the internet
  • Implement multi-factor authentication for all access to the OT network

At Tenable, we would urge critical infrastructure providers to follow a few additional basic guidelines to prevent attacks from landing, such as:

  • Use cryptographic keys in addition to password-protection protocols like password rotation to secure remote access
  • Log and audit OT network activity by contractors and employees to prevent identity and credential-based attacks

The joint fact sheet was published by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), U.S. Department of Agriculture (USDA), Food and Drug Administration (FDA), Multi-State Information Sharing and Analysis Center (MS-ISAC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC-UK).

Learn more

To learn how Tenable helps secure water and other critical infrastructure, download our solution brief. Further information and guidance on securing critical infrastructure is available in our whitepaper. Or experience the power of Tenable firsthand with a live demo by visiting https://www.tenable.com/products/tenable-ot

Marty Edwards

Marty Edwards

Marty Edwards, Deputy CTO for OT and IoT, Tenable: Marty Edwards is a globally recognized Operational Technology (OT) and Industrial Control System (ICS) cybersecurity expert who collaborates with industry, government and academia to raise awareness of the growing security risks impacting critical infrastructure and the need to take steps to mitigate them. As Deputy CTO for OT/IoT at Tenable, Edwards works with government and industry leaders throughout the world to broaden understanding and implementation of people, process and technology solutions to reduce their overall cyber risk in order to inform Tenable’s overall strategy. Edwards organized and currently leads Tenable’s role in the OT Cybersecurity Coalition, a group that works collaboratively with industry and government stakeholders, advocating for vendor-neutral, interoperable, and standards-based cybersecurity solutions to enhance the nation’s collective defense. In 2022, Edwards served as one of the working group leads for the National Security Telecommunications Advisory Committee (NSTAC) report to the President on IT/OT Convergence. Prior to joining Tenable in 2019, Edwards—a 30-year industry veteran—served as the Global Director of Education at the International Society of Automation (ISA). While at ISA, he was recognized by his industry peers with the SANS ICS 2019 Lifetime Achievement Award. Prior to ISA, Edwards was the longest-serving Director of the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and is a past co-chair of the DHS Control Systems Working Group. Edwards also served as a program manager focused on control systems security at the Department of Energy’s (DOE’s) Idaho National Laboratory (INL) and has held a variety of roles in the instrumentation and automation fields. Edwards holds a diploma of technology in Process Control and Industrial Automation (Magna cum Laude) from the British Columbia Institute of Technology (BCIT), and in 2015 received the institute’s Distinguished Alumni Award. In 2016, Edwards was recognized by FCW in its “Federal 100 Awards” as being one of the top IT professionals in the U.S. federal government.

Related Articles

  • Federal
  • Government
  • OT Security
  • SCADA

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable.io. A representative will be in touch soon.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Thank You

Thank you for your interest in Tenable Vulnerability Management. A representative will be in touch soon.

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Thank You

Thank you for your interest in Tenable Lumin. A representative will be in touch soon.

Request a demo of Tenable Security Center

Please fill out this form with your contact information.

A sales representative will contact you shortly to schedule a demo.

* Field is required

Request a demo of Tenable OT Security

Get the Operational Technology Security You Need.

Reduce the Risk You Don’t.

Request a demo of Tenable Identity Exposure

Continuously detect and respond to Active Directory attacks. No agents. No privileges.

On-prem and in the cloud.

Request a Demo of Tenable Cloud Security

Exceptional unified cloud security awaits you!

We’ll show you exactly how Tenable Cloud Security helps you deliver multi-cloud asset discovery, prioritized risk assessments and automated compliance/audit reports.

See
Tenable One
In Action

Exposure management for the modern attack surface.

See Tenable Attack Surface Management In Action

Know the exposure of every asset on any platform.

Thank You

Thank you for your interest in Tenable Attack Surface Management. A representative will be in touch soon.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.


文章来源: https://www.tenable.com/blog/as-pro-russia-hactivists-target-ot-systems-heres-what-you-need-to-know
如有侵权请联系:admin#unsafe.sh