Internet-exposed automatic tank gauge (ATG) systems, used to monitor fuel and liquid storage tanks across critical infrastructure sectors, are being targeted by hackers, according to a joint warning from CISA, the FBI, the NSA, and the Department of Energy. These systems are crucial for remote monitoring of tank levels, temperatures, and potential leaks in sectors like energy, chemical, food and agriculture, and transportation. The advisory highlights ongoing malicious cyber activity, with further coverage provided by Bleeping Computer.Threat actors are exploiting vulnerabilities such as authentication bypass, hardcoded credentials, OS command execution flaws, SQL injection, and privilege escalation to gain access to these internet-exposed ATG systems. Once compromised, attackers can modify system settings, including network configurations, product identifiers, tank volumes, and pump controls. They can also disable alerts, potentially leading to undetected leaks or equipment failures.While the advisory does not attribute the attacks to a specific group, recent reporting has linked similar activity targeting ATG systems to Iranian hackers. Agencies are urging organizations to block ATG systems from the internet, restrict remote access, enforce strong authentication, apply security updates, and monitor for unauthorized changes to mitigate these risks.Source: Bleeping Computer
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds