The Canadian Center for Cyber Security is warning businesses and organizations involved in vital infrastructure to implement additional security measures, as they’ve become a target for hacktivists.
In recent weeks, the Center for Cyber Security and the Royal Canadian Mounted Police have received multiple reports of security incidents involving industrial control systems (ICS) that were accessible via the internet.
One incident involved a water facility. A threat actor successfully infiltrated the facility’s IT network and tampered with water pressure values, resulting in inadequate service for the local community.
A Canadian oil and gas company was also affected, with an Automated Tank Gauge (ATG) being manipulated, triggering false alarms. Lastly, a grain drying silo on a Canadian farm had to fend off hackers who tried to manipulate temperature and humidity levels, potentially leading to unsafe conditions.
“While individual organizations may not be direct targets of adversaries, they may become victims of opportunity as hacktivists are increasingly exploiting internet-accessible ICS devices to gain media attention, discredit organizations, and undermine Canada’s reputation,” the Canadian Center for Cyber Security says in a press release.
To fight off threat actors, companies and organizations in the critical infrastructure should take additional security safeguards.
According to Canada’s cybersecurity agency, they should conduct a comprehensive inventory of all internet-accessible ICS devices and assess their necessity. Where possible, alternative solutions should be implemented to avoid direct exposure to the internet, like adopting Virtual Private Networks (VPNs) with two-factor authentication (2FA).
If such options aren’t feasible, businesses should consider adopting enhanced monitoring services, including regular penetration testing and vulnerability management. Furthermore, organizations should regularly train their personnel to improve their response capabilities in the event of a cybersecurity incident.
Lastly, municipalities and organizations should work closely with their service providers to ensure that managed services are implemented securely. In addition, vendor recommendations and guidelines should be followed to secure devices and services.
Your email address will not be published. Required fields are markedmarked