In a recent bulletin, the Cybersecurity and Infrastructure Security Agency (CISA) joined its partner organizations to alert users of malicious cyber activity targeting U.S.-based automatic tank gauge (ATG) systems.
In partnership with the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA), CISA urged organizations in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors using automated and remote monitoring of storage tank parameters to defend against malicious activity by securing their ATG systems with strong passwords and removing them from the internet to reduce public exposure.
The group said it had recently observed some malicious cyber activity targeting ATG that the U.S. government has not yet attributed to a nation-state or threat actor group. The activity involves cyber threat actors compromising internet-exposed ATG systems and modifying them through command execution. The group said cyber threat actors may exploit flaws in the ATG systems through multiple attack vectors, including authentication bypass and hardcoded credentials, OS command execution and structured query language injection, and privilege escalation.
Exploiting vulnerabilities could compromise an ATG system, allowing threat actors to disrupt or manipulate critical functions by directly interfering with the tank management.
CISA recommends ATG owners immediately eliminate public internet exposure, enforce credential security, apply patches, and monitor and report any issues.