The US Department of Homeland Security (DHS) has issued an alert regarding the threat of ransomware attacks. The warning follows a ransomware attack on a US pipeline operations facility.
Ransomware Attack On Gas Pipeline Operator
Reportedly, the US DHS is warning enterprises about the threat of ransomware attacks through a recent advisory. To back the alert, DHS has also shed light on a previous ransomware attack on a pipeline operations facility.
Though they haven't mentioned any timeline for the incident, they have disclosed the ransomware attack and described CISA's role in remediating it. As stated in the advisory:
CISA responded to a cyberattack affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility.
Regarding how it happened, they revealed that the attackers targeted the facility with spearphishing to gain access to its information technology (IT) and operational technology (OT) networks. They then deployed ransomware on both networks. The attackers succeeded because of a security flaw on the victim's end: the absence of segmentation between the IT and OT networks.
Explaining the entire scenario, the Cybersecurity and Infrastructure Security Agency (CISA) warns everyone to remain vigilant.
DHS Suggested Mitigations
Alongside explaining the threat scenario, CISA has also shared various planning, operational, technical and architectural mitigations to fend off these attacks. Some of these include,
- Ensuring a robust emergency response plan covering all possible impacts in the event of a cyber attack.
- Identifying points of failure.
- Recognizing physical risks posed by cyber attacks.
- Implementing robust network segmentation between IT and OT networks.
- Implementing multi-factor authentication to access networks.
- Restricting user access to networks.
- Deploying spam filters to combat phishing.
- Keeping software updated.
- Scheduling antimalware scans.
- Using application whitelisting.
- Restricting Remote Desktop Protocol (RDP).
Despite all these details, DHS hasn't revealed the name of the ransomware involved in the attack, nor did it name the affected pipeline operations facility.