Critical Infrastructure Advisory
This advisory is relevant to all Samoan individuals, businesses and organisations that deal with critical infrastructure.
Advisory Details
What's happened?
Over the last few years, SamCERT has observed multiple threat actors increasingly exploiting access control vulnerabilities in Critical Infrastructure around the world.
Most notably, in December 2023, Iranian-affiliated cyber actors systematically identified and exploited Programmable Logic Controllers (PLCs) in US critical infrastructure, including US Water and Wastewater Systems facilities. These threat actors exploited the following vulnerabilities:
- Weak default or non-existent passwords
- Internet-exposed PLC Management Interfaces
- Inadequate Network Segmentation
- Lack of Multi-factor Authentication
These threat actors leveraged these vulnerabilities to cause operational disruptions. Affected PLCs, devices and software had to be manually reset, imposing a financial and workload cost on the operating organisations.
While there were no major disruptions for the communities impacted, a similar attack in the future has the potential to cause significant cyber and digital harm.
What can we learn from this?
Whilst this attack against critical infrastructure did not happen in Samoa, it is an opportunity to learn from the event and better protect Samoan critical infrastructure and the communities it serves.
Mitigating Controls: Reduce the likelihood of your critical infrastructure systems being breached:
- Use passwords on all devices and accounts, ensuring that these passwords are distinct, complex, and long.
- Implement Multi-Factor Authentication (MFA) on all devices and accounts, especially those that manage or control critical infrastructure.
- Ensure that important hardware and interfaces are not internet-exposed. Change default ports and air-gap critical systems away from public access.
- Segment networks to increase resilience. Separate important networks using firewalls and other authentication measures to protect critical assets.
*More details in the PDF attachment