CISA warns critical infrastructure operators of ongoing attacks targeting Internet-exposed OT and ICS devices using unsophisticated methods like default credentials & brute-force attacks.

Continue reading
The Cybersecurity and Infrastructure Security Agency (CISA) alerts critical infrastructure operators of ongoing attacks exploiting Internet-exposed OT and ICS devices using unsophisticated methods like default credentials and brute-force attacks.*
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about threat actors attempting to breach critical infrastructure networks by targeting Internet-exposed Operational Technology (OT) and Industrial Control Systems (ICS) devices. These attackers are employing unsophisticated methods such as brute-force attacks and exploiting default credentials to gain unauthorized access.
According to CISA, these ongoing attacks are particularly impacting the Water and Wastewater Systems (WWS) sector but pose a threat to all critical infrastructure sectors. OT devices, which integrate hardware and software to monitor and control physical processes in industries like manufacturing and utilities, are essential for maintaining operations such as water treatment, distribution, and pressure regulation.
_"CISA continues to respond to active exploitation of internet-accessible OT and ICS devices,"_ the agency stated. _"Exposed and vulnerable systems may allow cyber threat actors to use default credentials, conduct brute-force attacks, or employ other unsophisticated methods to access these devices and cause harm."_
CISA urges operators of OT and ICS devices in critical infrastructure sectors to implement the following security measures:
Since 2022, threat actors—including pro-Russian hacktivist groups—have been targeting vulnerable OT devices to disrupt operations or cause nuisance effects, primarily using low-sophistication techniques. These attacks highlight the urgent need for improved cybersecurity practices within critical infrastructure sectors.
Recent incidents underscore the severity of the threat. A cyberattack on a water treatment facility in Arkansas City, Kansas, forced the facility to switch to manual operations. Additionally, the U.S. Environmental Protection Agency (EPA) has issued guidance to help WWS owners and operators evaluate and enhance their cybersecurity measures.
In response to the escalating threats, the White House and EPA have called on state governors to bolster the cybersecurity defenses of water systems. The U.S. government has also sanctioned individuals involved in cyberattacks targeting the water sector, demonstrating a commitment to holding malicious actors accountable.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation