The Cybersecurity and Infrastructure Security Agency on Tuesday issued an alert about a ransomware attack on the information technology (IT) and operational technology (OT) networks of a natural gas compression facility.
The Department of Homeland Security’s CISA said the cyber threat actor initially obtained access to the pipeline operator’s IT network using a spearphishing link before infiltrating the OT network and deploying ransomware on both networks. The attack resulted in an operational shutdown for approximately two days and loss of productivity.
CISA also found that the pipeline operator failed to implement segmentation between its OT and IT networks and that its emergency response plan did not specifically consider cyber-related risks.
The agency called on asset owners and operators and network administrators to consider operational, planning, architectural and technical mitigation measures using a risk-based assessment strategy. These include identifying single points of failure for operational visibility, ensuring that emergency response plans consider cyber incidents, requiring multifactor authentication, updating software and implementing execution prevention through application whitelisting.