DHS's CISA Warns of New Critical Infrastructure Ransomware Attack

[2/19/2020 UPDATE: Dragos issued a research note this afternoon saying the event CISA cited in its advisory this week is likely one reported by the US Coast Guard last year. "Based on information shared with Dragos, as well as noted in public reporting, the CISA alert likely describes the same event reported by the U.S. Coast Guard in 2019," Dragos wrote. Dark Reading provided further reporting on this ransomware attack last month.] 

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure operators of a ransomware attack that hit a natural gas compression facility, causing the operation to shut down for two days. While no programmable logic controllers (PLCs) operating machinery were affected, and the facility never encountered out-of-control conditions, a number of pieces of the operational technology (OT) network did see an impact — pieces that included human-machine interfaces and systems that polled and logged data from low-level controllers.

According to the alert, the attack began with a spear-phishing campaign that provided credentials to the company's IT network before pivoting to the OT network. Commodity ransomware was then used to encrypt data on both networks. Normal operations have since resumed.

Read more here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "8 Things Users Do That Make Security Pros Miserable."