- The CISA warns against “non -sophisticated” attacks targeting the oil and gas industries
- “Basic and elementary” techniques are used
- Critical infrastructure is increasingly threatened by cyber attacks
The American Cybersecurity and Infrastructure Safety Agency (CISA) has published a warning describing an increase in “non -sophisticated” and “basic” cyber attacks targeting industrial control systems and supervision and data acquisition systems (ICS / SCADA) in critical infrastructure sectors – the oil and gas sectors.
It is not entirely unexpected, because critical infrastructure has long been a higher target for cybercriminals. The services that these industries provide are often essential to the daily life of many, so any time of stopping can be catastrophic and expensive – which means that attackers have a serious lever effect if they are able to obtain access to systems.
The attacks that have been observed, in particular against energy and transport systems, often include “basic and elementary intrusion techniques”, confirms Cisa – but even basic attacks can harm an organization in the right conditions.
Hygiene cyber
Bad hygiene of cyber hygiene and exposed assets can degenerate these threats, CISA prevents and can lead to “important consequences such as degradation, configuration changes, operational disturbances and, in serious cases, physical damage”.
Advice for critical infrastructure on the protection of threats often include robust detection capacities, frequent and up -to -date correction of known vulnerabilities, applying strict password policies forcing solid and unique passwords are used at any time, and staff training at all levels of cybersecurity.
“Writing organizations urged critical infrastructure entities to examine and act now to improve their cybersecurity posture against Cyber-Menace activities specifically and intentionally the OT and the CI connected,” describes the information sheet on CISA guidelines.
Critical infrastructure is confronted with a difficult set of challenges, because increasing geopolitical tensions see more and more key industries, and that developments in AI tools mean that entry barriers are now lower for cybercriminals, which are able to send attacks at a much higher frequency and which require much less skills – perhaps explaining the increase in fundamental techniques and elementary.
