The Cybersecurity and Infrastructure Security Agency, Department of Energy, National Security Agency and the FBI have released a joint advisory on advanced persistent threat actors targeting industrial control systems and supervisory control and data acquisition devices.
Threat actors secure access to ICS and SCADA devices using custom-made tools that enable them to compromise and control such systems once they have gained access to the operational technology network, according to the advisory published Wednesday.
Using those tools or modules, cyberthreat actors can carry out reconnaissance on devices, alter device parameters and upload malicious code to targeted systems.
APT actors can target Windows-based engineering workstations using a tool that can undermine an ASRock motherboard driver with known cyber vulnerabilities.
The four agencies recommend several measures to protect ICS and SCADA devices from such threats, including the enforcement of multifactor authentication, development of a cyber incident response plan, adoption of a continuous monitoring platform for OT and implementation of a robust log collection and retention from ICS/SCADA systems and management subnets.
