The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert to all critical US infrastructure sectors about a cyber-attack targeting a natural gas compression facility.
CISA recently responded to a cyber-attack impacting the control and communication assets on the operational technology (OT) network of a natural gas compression facility.
The agency explained that the threat actor utilised a “Spearphishing Link” to gain initial access to the organisation’s IT network before pivoting to its OT network.
After infiltrating the network, the threat actor deployed ransomware to both the IT and OT networks, which subsequently led to specific assets experiencing a “Loss of Availability” on the OT network impacting human machine interfaces (HMIs), polling servers and data historians.
“Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators,” the agency wrote.
CISA noted that the attack did not impact any programmable logic controllers (PLCs) and that the victim did not lose control of operations.
“Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations. This lasted approximately two days, resulting in a Loss of Productivity and Revenue, after which normal operations resumed.”
The alert is intended to help administrators and network defenders protect their organisations against similar attacks.
CISA explained that the impacted organisation failed to implement robust segmentation between the IT and OT networks, thus allowing “the adversary to traverse the IT-OT boundary and disable assets on both networks.”
“Although the direct operational impact of the cyberattack was limited to one control facility, geographically distinct compression facilities also had to halt operations because of pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline asset lasting approximately two days.”
CISA has provided some planning and operational mitigations that asset owner operators across all sectors should consider.
The post #Privacy: CISA warns of ransomware impacting pipeline operations appeared first on PrivSec Report.