Rockwell Automation warns admins to take ICS devices offline

Rockwell Automation warned customers to disconnect from the Internet all industrial control systems (ICSs) not designed for online exposure, citing increasing malicious activity worldwide.

Network defenders should never configure such devices to allow remote connections from systems outside the local network. By taking them offline, they can drastically reduce their organizations' attack surface.

This ensures that threat actors will no longer have direct access to systems that may not yet be patched against security vulnerabilities that allow attackers to gain access to their targets' internal networks.

“Due to heightened geopolitical tensions and adversarial cyber activity globally, Rockwell Automation is issuing this notice urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity,” Rockwell said.

“Removing that connectivity as a proactive step reduces attack surface and can immediately reduce exposure to unauthorized and malicious cyber activity from external threat actors.”

Rockwell also cautioned customers to take the mitigation measures required to secure their devices against the following security vulnerabilities impacting Rockwell ICS devices.

Today, CISA also issued an alert regarding Rockwell Automation's new guidance to reduce ICS device exposure to cyberattacks.

In September 2022, the National Security Agency (NSA) and CISA published a joint advisory on securing operational technology (OT) devices and industrial control systems (ICS) against attacks.

Previously, they released guidance on stopping malicious attacks targeting OT control systems (2021) and defending Internet-exposed OT assets (2020).

These advisories built upon several initiatives spearheaded by the Biden administration, including a July 2021 national security memorandum instructing CISA and NIST to develop cybersecurity performance goals and guidance for critical infrastructure operators to help strengthen U.S. critical infrastructure security.

Earlier this month, several U.S. federal agencies, including the NSA, FBI, CISA, and cybersecurity agencies from Canada and the U.K., warned of pro-Russian hacktivists disrupting critical infrastructure operations by hacking into unsecured operational technology (OT) systems.

One of these groups, the Cyber Army of Russia, was linked by Mandiant to Sandworm, a hacking group that is part of Russia's Main Intelligence Directorate (GRU), the country's foreign military intelligence agency.
