The U.S. Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security. is encouraging critical infrastructure operators to guard against cyberattacks in the aftermath of a recent ransomware attack launched against a natural gas compression facility.
A threat actor used ransomware to obtain access to a natural gas compression facility's IT and OT networks, CISA indicated. It encrypted data across the facility's IT and OT networks and compromised Windows-based assets on both networks.
The threat actor was unable to control or manipulate the natural gas compression facility's operations at any point during the ransomware attack, according to CISA. In addition, the direct operational impact of the cyberattack was limited to one control facility.
How to Mitigate Ransomware Attacks Against Critical Infrastructure
CISA recommends critical infrastructure operators use a risk-based assessment strategy to guard against ransomware attacks. It also offers several tips to mitigate ransomware attacks, including:
- Develop and implement an emergency response plan that accounts for a cyberattack's potential impact on an organization's day-to-day operations.
- Create emergency response playbooks and test them regularly.
- Use tabletop exercises to educate employees about cyberattacks and the dangers associated with them.
- Deploy redundant communications between geographically separated facilities responsible for critical infrastructure.
- Require multi-factor authentication for remote access to IT and OT networks.
- Leverage spam filters to prevent phishing emails from reaching end-users.
- Filter network traffic.
- Scan network assets.
Cybercriminals attack U.S. critical infrastructure every day, U.S. Director of National Intelligence Dan Coats said last month. Meanwhile, recent research indicates that industrial control systems (ICS) used to administer equipment in manufacturing, energy, transportation and other critical industries often fail to provide adequate perimeter protection.