Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
CISA informs of a cyber-attack that was launched recently, affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility. A cyber threat actor used a Spearphishing Link to obtain initial access to the organization’s information technology (IT) network before proceeding to its OT network. The threat actor then deployed commodity ransomware to encrypt data on both IT and OT networks.
Specific assets experienced a Loss of Availability on the OT network. These included human machine interfaces (HMIs), data historians, and polling servers. Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators. The attack did not impact any programmable logic controllers (PLCs) and the victim did not lose control of operations. Operational shutdown had to be implemented.
Deliberate and controlled shutdown of operations had to be implemented for two days, due to lack of cyber-security accommodation in their emergency response plan. A Loss of Productivity and Revenue had to be endured meanwhile, that usually happens when adversaries cause disruption and even damage to the availability and integrity of control system operations, devices, and related processes. Normal operations were resumed afterwards.
The victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks. The threat actor used commodity ransomware to compromise Windows-based assets on both the IT and OT networks. Because the attack was limited to Windows-based systems, PLCs responsible for directly reading and manipulating physical processes at the facility were not impacted. The victim was able to obtain replacement equipment and load last-known-good configurations to facilitate the recovery process. All OT assets directly impacted by the attack were limited to a single geographic facility.
Although only one geographical control facility was affected, other geographically distinct compression facilities also had to halt operations due to pipeline transmission dependencies. This resulted in an operational shutdown of the entire pipeline asset lasting approximately two days. The victim acknowledges the lack in their cyber-security knowledge for failing to adequately incorporate cyber-security into emergency response planning.
CISA recommends following mitigations to avoid and handle cyber attacks on operational control devices and networks.
Technical and Architectural Mitigations
Planning and Operational Mitigations