Canadian authorities on Wednesday warned that hacktivist groups have breached critical infrastructure facilities in recent weeks, including water, energy and agricultural sites, by manipulating industrial control systems that were exposed online.
The attacks involved tampering with pressure valves at a water facility, manipulating an automated tank gauge at an oil and gas company and exploiting temperature and humidity levels at a grain silo on a farm, according to an advisory from the Canadian Centre for Cyber Security.
Industrial control systems have a range of components that are exposed to the internet, including programmable logic controllers, human machine interfaces, remote terminal units and other devices, according to the advisory.
The systems need to be shielded behind a virtual private network using multifactor authentication or through some other type of technology to prevent them from being exposed to the open internet, the advisory read.
The government wants security teams to inventory devices at these critical sites. Teams are being urged to conduct regular testing and tabletop exercises to prepare for a potential rapid response, officials said.
The warnings echo a wave of attacks against U.S. sites in recent years, where state-linked actors targeted U.S. drinking and wastewater treatment plants and other facilities.
Much of the hacktivist activity was traced to Iran-linked hackers targeting U.S. water systems, however other facilities were targeted by Russia-linked actors.
Authorities did not name the specific companies or locations where the incidents occurred but said the incidents were reported to the CCCS or the Royal Canadian Mounted Police, according to the advisory.
