“Brute force intrusions, default credentials, and other unsophisticated attack methods were noted
by the Cybersecurity and Infrastructure Security Agency to be persistently leveraged by threat
actors against internet-exposed operational technology and industrial control systems of critical
infrastructure organizations, including those in the water and wastewater sector, according to
Bleepingcomputer.com
Ongoing targeting of vulnerable OT/ICS devices should prompt critical infrastructure entities to
replace default passwords, activate multi-factor authentication, implement firewall protection for
human-machine interfaces, and ensure up-to-date security patches as recommended in an
earlier joint federal guidance warning of pro-Russia hacktivist attacks against water and
wastewater systems, according to the CISA alert.”
RITC's take:
Despite the simplicity of these attacks, they can still cause significant disruption to critical infrastructure, such as energy grids, water systems, and manufacturing. CISA urges organizations to implement basic cybersecurity practices to mitigate these risks. This serves as a reminder that even simple attacks can have severe consequences if foundational security measures are not in place.