Unsophisticated Cyber Actors Target U.S. Energy Sector

The U.S. energy sector has been put on high alert as unsophisticated cyber actors target Industrial Control Systems (ICS)/SCADA systems in the oil and natural gas industry, as well as transportation sectors. According to a joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the U.S. Department of Energy (DoE), these attackers are exploiting poor cyber hygiene practices to cause significant disruptions.

The agencies behind the alert have observed that the attackers are using basic and elementary intrusion techniques, which may seem simplistic but can lead to major consequences. "CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems," reads the alert.

These attacks often begin with poor cyber hygiene practices, such as exposed assets and default passwords. "Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions, and, in severe cases, physical damage," warns the alert.

The U.S. agencies are urging Critical Infrastructure Asset Owners and Operators to take immediate action to reduce the risk of potential intrusions. To do so, they recommend reviewing the fact sheet "Primary Mitigations to Reduce Cyber Threats to Operational Technology." The recommended steps include:

  • Remove OT from public internet
  • Change default passwords
  • Secure remote access with VPN and MFA
  • Segment IT/OT networks
  • Ensure manual OT operation capability

"These steps help counter simple yet scalable OT cyber threats and reduce risks of disruptions, damage, and system compromise due to poor cyber hygiene and exposure," explains the alert. The U.S. agencies warn that misconfigurations can be introduced during standard operations, by a system integrator, managed service provider, or as part of the default product configuration by the system manufacturer.

"Government experts recommend working with the relevant groups to address these issues to prevent the accidental introduction of vulnerabilities in critical infrastructure," adds the alert. The U.S. energy sector must take proactive measures to protect itself against these threats and ensure the continued operation of critical infrastructure.