Hackers are increasingly targeting Industrial Control Systems (ICS) and Operational Technology (OT) in critical infrastructure sectors using basic attack methods, according to a recent warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). These unsophisticated tactics, including brute force attacks and exploitation of default credentials, have been used to breach internet-exposed OT and ICS devices. Critical infrastructure sectors like water and wastewater systems are particularly vulnerable, raising concerns over the safety and reliability of essential services.
CISA’s advisory highlights the continued targeting of vulnerable ICS devices by threat actors, including pro-Russian hacktivist groups. These attacks, which have been observed since 2022, often seek to disrupt operations or cause nuisance effects. Despite their simplicity, such breaches can still pose significant risks to public safety and infrastructure stability. Recent incidents have included cyberattacks on water treatment facilities, forcing cities like Arkansas City, Kansas, to switch to manual operations in response.
The methods used by hackers to exploit ICS devices remain rudimentary but effective. Common techniques include using default passwords, conducting brute force attacks, and exploiting misconfigurations in systems that should be securely isolated from the internet. CISA recommends several countermeasures to defend against these threats, such as changing default passwords, enabling multifactor authentication, hardening Virtual Network Computing (VNC) installations, and placing human-machine interfaces (HMIs) behind firewalls.
In response to the growing threat, government agencies have stepped up efforts to improve cybersecurity in the water sector. The U.S. Environmental Protection Agency (EPA) recently issued guidance to help water and wastewater system operators assess and enhance their security practices. Additionally, the White House has sought support from state governors to bolster defenses against cyberattacks, while U.S. sanctions have targeted Russian cybercriminals responsible for attacking the water sector. Despite the simplicity of these attacks, the stakes remain high, underscoring the need for proactive cybersecurity measures to protect critical infrastructure.