The Canadian Centre for Cyber Security has warned CISOs and other decision-makers that hacktivists are increasingly targeting internet-exposed industrial control systems (ICS).
The government cybersecurity agency has provided several examples of recent attacks reported to authorities. In one incident, hackers targeted a water facility and tampered with water pressure valves, which resulted in degraded service for the community served by the compromised facility.
In another incident, hackers triggered false alarms at a Canadian oil and gas company by tampering with an automated tank gauge (ATG). ATGs are often plagued by severe vulnerabilities and they have been targeted by hackers for at least a decade.
The third example shared by the Canadian Centre for Cyber Security describes an attack on a farm, with attackers manipulating temperature and humidity parameters in a grain-drying silo. The agency noted that the hackers’ actions could have resulted in unsafe conditions had they not been caught on time.
Read: The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem
The cybersecurity agency said hacktivists often target internet-accessible and poorly secured ICS devices in an effort to gain media attention, discredit organizations, and to “undermine Canada’s reputation”. These types of hackers often launch opportunistic attacks rather than targeting specific organizations.
There are at least 100,000 internet-exposed ICS devices around the world and they are in many cases easy to hack.
While the Canadian Centre for Cyber Security alert describes the threat actors as hacktivists — such hackers have often targeted ICS — it’s worth noting that it’s not uncommon for state-sponsored threat groups to launch attacks under the guise of hacktivism.
According to the agency, the types of ICS devices targeted by hackers can include safety systems, building management systems, industrial IoT devices, programmable logic controllers, human-machine interfaces, remote terminal units, and supervisory control and data acquisition systems.
The Canadian Centre for Cyber Security’s alert offers some high-level recommendations for securing ICS, and provides links to more detailed resources.
The agency has also advised victims of such attacks to report incidents to both the agency and police.
Related: Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack
Related: Up to 25% of Internet-Exposed ICS Are Honeypots
Related: CISA Warns of Exploited DELMIA Factory Software Vulnerabilities
