Summary: CISA led a proactive threat hunt engagement at a U.S. critical infrastructure organization with the support of U.S. Coast Guard (USCG) analysts. This advisory highlights areas of potential cyber hygiene improvement for other critical infrastructure organizations. During the engagement, CISA did not identify evidence of malicious cyber activity or threat actor presence on the organization’s network but did identify several areas of cybersecurity risk.
Analyst Note: Many of the risks identified are what WaterISAC considers "low-hanging fruit," that is, areas that can significantly improve a utility's security posture when remediated while requiring comparatively few resources to address. WaterISAC encourages members to review this advisory and the identified risks, which can help you prioritize areas of risk that may be present at your utility. The identified areas of risk include:
- Insufficient logging.
- Insecurely stored credentials.
- Shared local administrator (admin) credentials across many workstations.
- Unrestricted remote access for local admin accounts.
- Insufficient network segmentation configuration between IT and operational technology (OT) assets.
- Several device misconfigurations.
Original Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-212a
Related WaterISAC PIRs: 6, 12