The United States and international partners warned Wednesday that pro-Russian “hacktivists” are targeting critical infrastructure in North America and Europe, urging carriers and equipment vendors to take urgent action to better protect their systems.
According to a Cybersecurity and Infrastructure Security Agency (CISA) advisory, the hackers primarily relied on factory default passwords or accessed infrastructure entities remotely through human-machine interfaces lacking multi-factor authentication. The attacker's identity and affiliation have not been disclosed.
Eric Goldstein, CISA's executive assistant director for cybersecurity, told reporters on a conference call that the U.S. and its partners “have not determined any operational impact from any of the reported intrusions.”
The advisory was issued in the wake of a series of cyberattacks on U.S. infrastructure sites by Russian hackers.
Google-owned security firm Mandiant reported last month that Russian Cyber Command, the group said to be behind January's attack on a suburban Texas water facility, has ties to the notorious Russian state-run organization Sandworm. The group later claimed credit for a cyberattack on a water treatment plant in Indiana.
The CISA document cites a Texas incident in which some intrusions into the water system caused pumps to “exceed normal operating parameters” and disabled alarms.
“Although some victims experienced minor tank overflows, most victims quickly returned to manual control and resumed operations quickly,” the advisory said.
Goldstein said the federal government has “not assessed the link” between recent malicious activity and Sandworm. He said the U.S. is “conducting ongoing analysis to ensure we continue to understand the evolving threat.”
Goldstein similarly balked when asked how much of the hacking activity was driven by U.S. government support for Ukraine in its war with Russia.
“Russian hacktivist groups have publicly announced their intention to conduct this type of activity to reflect support for the Russian regime,” he told reporters.
Goldstein called on the vendor community to “default” to technologies with better security controls to prevent such breaches.
“There is no reason why any technology product should ship with a factory default password that is not immediately changed upon installation. There is no reason why a technology product should not have multi-factor authentication, at least when it comes to external access,” he said, highlighting the security standards called for in last year's National Cybersecurity Strategy and CISA's own Secure by Design initiative.
In a statement, Dave Luber, director of the National Security Agency's Cybersecurity Directorate, urged managers of critical infrastructure organizations to implement the mitigation measures outlined in the report, “especially changing default passwords,” in order to “improve their cybersecurity posture and reduce system vulnerabilities” to this type of targeting.