The Canadian Centre for Cyber Security has issued a serious warning to CISOs and other decision makers: hacktivists are increasingly targeting internet exposed industrial control systems (ICS).
Escalating Attacks on Critical Systems
The government cybersecurity agency provided several examples of recent attacks reported to authorities, highlighting the tangible risk these opportunistic hackers pose.
In one incident, hackers breached a water facility and tampered with water pressure valves. This resulted in degraded service for the community served by the compromised system. In another case, attackers targeted a Canadian oil and gas company, triggering false alarms by manipulating an automated tank gauge (ATG). ATGs are known to be plagued by severe vulnerabilities and have been a target for hackers for at least a decade.
A third example detailed an attack on a farm where hackers manipulated temperature and humidity parameters inside a grain drying silo. The agency noted that the attackers' actions could have led to unsafe conditions had they not been caught quickly.
The Motivation: Media Attention and Discredit
The Canadian Centre for Cyber Security explained that hacktivists often target internet accessible and poorly secured ICS devices primarily to gain media attention, discredit organizations, and "undermine Canada’s reputation." These groups typically launch opportunistic attacks rather than targeting specific organizations.
The threat is significant: there are at least 100,000 internet exposed ICS devices around the world, many of which are known to be easy to hack.
The types of ICS devices targeted include safety systems, building management systems, industrial IoT devices, programmable logic controllers, human machine interfaces, remote terminal units, and supervisory control and data acquisition systems. While the alert describes the threat actors as hacktivists, it's worth noting that state sponsored threat groups often launch attacks under the guise of hacktivism.
The Canadian Centre for Cyber Security's alert offers high level recommendations for securing ICS and advises victims of such attacks to report incidents promptly to both the agency and the police.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
