DHS’s CISA Warns of New Critical Infrastructure Ransomware Attack

An attack on a natural gas compression facility sent the operations offline for two days.

[2/19/2020 UPDATE: Dragos issued a research note this afternoon saying the event CISA cited in its advisory this week is likely one reported by the US Coast Guard last year. “Based on information shared with Dragos, as well as noted in public reporting, the CISA alert likely describes the same event reported by the U.S. Coast Guard in 2019,” Dragos wrote. Dark Reading provided further reporting on this ransomware attack last month.] 

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure operators of a ransomware attack that hit a natural gas compression facility, causing the operation to shut down for two days. While no programmable logic controllers (PLCs) operating machinery were affected, and the facility never encountered out-of-control conditions, a number of pieces of the operational technology (OT) network did see an impact — pieces that included human-machine interfaces and systems that polled and logged data from low-level controllers.

According to the alert, the attack began with a spear-phishing campaign that provided credentials to the company’s IT network before pivoting to the OT network. Commodity ransomware was then used to encrypt data on both networks. Normal operations have since resumed.

Read more here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

Read More HERE