Joint cyber security advisory on pro-Russia hacktivists conducting opportunistic attacks on global critical infrastructure

The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States' Federal Bureau of Investigation (FBI) and other domestic and international partners in issuing a joint advisory on pro-Russia hacktivist attacks.

This joint advisory highlights the unsophisticated and opportunistic tactics, techniques and procedures (TTPs) used by pro-Russia hacktivist groups to target critical infrastructure (CI) globally. These attacks target minimally secured, Internet-facing virtual network computing (VNC) connections to infiltrate (or gain access to) operational technology (OT) control devices within CI systems.

OT owners and operators and CI entities should implement the following recommendations to reduce the risk of pro-Russia hacktivists targeting control networks through VNC connections:

  • Reduce exposure of OT assets to the public-facing Internet
  • Implement network segmentation between IT and OT networks
  • Adopt mature asset management processes, including mapping data flows and access points
  • Ensure that OT assets are using robust authentication procedures
  • Enable control system security features that can separate and audit view and control functions
  • Collect and monitor OT asset and networking device traffic
  • Review configurations for setpoint ranges or tag values to stay within safe ranges and set up alerts for deviations
  • Implement and practice business recovery and disaster recovery plans

This joint advisory updates CISA's joint fact sheet Primary mitigations to reduce cyber threats to operational technology.

Read the full joint advisory: Pro-Russia hacktivists conduct opportunistic attacks against US and global critical infrastructure.
