CISA Warns: Critical Infrastructure Under Cyberattack
The Cybersecurity and Infrastructure Security Agency (CISA) reported cyberattacks targeting critical infrastructure networks, including water supply systems and wastewater treatment facilities. Malicious actors are attempting to breach internet-connected OT and ICS devices using brute-force attacks and default credentials.
Operational Technology (OT) devices are the hardware and software used to control and monitor physical processes in manufacturing, critical infrastructure, and other sectors. For instance, in water supply systems, these devices oversee water purification, distribution, and pressure regulation, ensuring a stable and safe water supply.
CISA emphasized that these attacks already affect OT and ICS devices in the water supply and wastewater management sectors. To safeguard against such threats, CISA recommends that operators of OT and ICS devices in critical sectors implement security measures such as changing default passwords, enabling multi-factor authentication, isolating Human-Machine Interfaces (HMIs) behind firewalls, strengthening VNC protections, and regularly updating security systems.
Recently, CISA Director Jen Easterly stated that software developers who release products with vulnerabilities are the real culprits behind cyberattacks. Easterly urged technology companies to stop producing defective code that opens the door for cybercriminals. She stressed that it is the technology suppliers who create the issues that attackers exploit to target their victims.
It has also recently come to light that U.S. water supply systems have become a target for cyberattacks by hackers from China and Iran, causing growing concern among authorities. Iran frequently operates through hacktivists rather than state entities. For example, the Sandworm group has been linked to attacks on water facilities in the U.S. and Europe, one of which even led to a reservoir overflow. Meanwhile, China is accused of launching cyberattacks on critical infrastructure, including water supply systems, through the Volt Typhoon group.
