
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert urging critical infrastructure operators to fortify their operational technology (OT) environments amid growing evidence of active targeting by unsophisticated cyber actors. While these threats may seem elementary, their consequences can be far from minor.
“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems,” CISA warns.
Despite the rudimentary nature of these attacks, poor cyber hygiene — such as default passwords, exposed devices, and misconfigured remote access — enables them to succeed. According to CISA, such intrusions have already led to incidents involving defacement, configuration changes, operational disruptions, and even physical damage.
CISA’s alert outlines actionable steps that asset owners and operators should take immediately to defend against these threats:
- Remove OT connections to the public internet: “OT devices are easy targets when connected to the internet… [and] lack authentication and authorization methods that are resistant to modern threats.”
- Secure Remote Access: If OT remote access is necessary, CISA recommends using private IP connections and VPNs with phishing-resistant multi-factor authentication (MFA).
- Change Default Passwords: “Targeted systems use default or easily guessable (using open source tools) passwords… Changing default passwords is especially important.”
- Segment IT and OT Networks: “Segmenting critical systems… reduces the risk of disruptions to essential OT operations.”
- Limit Privileges and Disable Dormant Accounts: Configure remote access according to the principle of least privilege, and remove unused credentials to reduce the attack surface.
- Prepare for Manual Operations: In the event of a cyber incident, organizations should be able to quickly switch to manual operations.
CISA also stresses the importance of working closely with managed service providers, system integrators, and product vendors. Misconfigurations are often introduced by third parties — even as part of default setups.
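The alert's mitigations amount to a checklist that can be applied mechanically to an asset inventory. The following is an added example, not code from CISA or from this article: it runs each of the listed hygiene checks (public internet exposure, remote access without a private/VPN path or phishing-resistant MFA, default credentials, missing IT/OT segmentation, dormant accounts) over a small constructed inventory and returns findings per device. The inventory fields, the sample devices, the generic default-credential list and the 90-day dormancy threshold are all assumptions made for the example.

```python
"""OT hygiene audit over a constructed asset inventory.

Added example (not CISA's or the article's code). Each check mirrors one
mitigation from the alert. The device fields, sample inventory, default
credential list and dormancy threshold are assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta

# Generic factory credential pairs; constructed for the example, not a
# vendor-specific list. Extend from your own vendor documentation.
KNOWN_DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("operator", "operator"),
}

# Accounts unused for longer than this are reported as dormant (assumption).
DORMANT_AFTER = timedelta(days=90)


@dataclass
class Account:
    username: str
    password: str
    last_login: date | None  # None: the account has never been used


@dataclass
class OTDevice:
    name: str
    zone: str                     # network zone the device sits in
    public_ip: bool               # reachable from the public internet
    remote_access: bool           # any remote access path is enabled
    remote_access_via_vpn: bool   # access only over a private link/VPN
    phishing_resistant_mfa: bool  # e.g. FIDO2 or certificate-based MFA
    routable_from_it: bool        # no firewall/DMZ between IT and this zone
    accounts: list[Account] = field(default_factory=list)


def audit_device(dev: OTDevice, today: date) -> list[str]:
    """Return finding codes for one device; an empty list means clean."""
    findings: list[str] = []
    if dev.public_ip:
        findings.append("INTERNET_EXPOSED")
    if dev.remote_access:
        if not dev.remote_access_via_vpn:
            findings.append("REMOTE_ACCESS_WITHOUT_VPN")
        if not dev.phishing_resistant_mfa:
            findings.append("REMOTE_ACCESS_WITHOUT_PR_MFA")
    if dev.routable_from_it:
        findings.append("IT_OT_NOT_SEGMENTED")
    for acct in dev.accounts:
        if (acct.username, acct.password) in KNOWN_DEFAULT_CREDENTIALS:
            findings.append(f"DEFAULT_CREDENTIALS:{acct.username}")
        if acct.last_login is None or today - acct.last_login > DORMANT_AFTER:
            findings.append(f"DORMANT_ACCOUNT:{acct.username}")
    return findings


def audit_inventory(devices: list[OTDevice], today: date) -> dict[str, list[str]]:
    """Map each device name to its findings."""
    return {d.name: audit_device(d, today) for d in devices}


# Constructed sample inventory and reference date (not real assets).
TODAY = date(2025, 5, 10)
SAMPLE_DEVICES = [
    OTDevice("plc-pump-01", "field-a", public_ip=True, remote_access=True,
             remote_access_via_vpn=False, phishing_resistant_mfa=False,
             routable_from_it=True,
             accounts=[Account("admin", "admin", None)]),
    OTDevice("hmi-compressor-02", "control", public_ip=False, remote_access=True,
             remote_access_via_vpn=True, phishing_resistant_mfa=True,
             routable_from_it=False,
             accounts=[Account("operator", "Kq9!v2Lm#p", TODAY - timedelta(days=3)),
                       Account("vendor-svc", "T7$wq1Zr", TODAY - timedelta(days=200))]),
    OTDevice("rtu-valve-03", "field-b", public_ip=False, remote_access=False,
             remote_access_via_vpn=False, phishing_resistant_mfa=False,
             routable_from_it=False,
             accounts=[Account("ops", "Hx3@mN8q", TODAY - timedelta(days=1))]),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_DEVICES, TODAY).items():
        print(f"{name}: {', '.join(findings) if findings else 'no findings'}")
```

Because the checks are pure functions over inventory records, the same logic can be fed from a CMDB export or a vendor-supplied configuration report, which is also where third-party-introduced settings such as vendor remote-support accounts become visible.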