Malware could drain your fuel tank as well as your bank account
Summary
The US Cybersecurity & Infrastructure Security Agency (CISA) has warned that ongoing cyber-attacks on automated tank gauges (ATGs) could lead to fuel tanks being drained without detection. These attacks exploit vulnerabilities such as authentication bypass, OS command execution, and privilege escalation. CISA advises system administrators to harden their systems by removing public internet exposure, changing default passwords, applying patches, and reporting suspicious activity.
IFF Assessment
This article details vulnerabilities in critical infrastructure systems (ATGs) that could be exploited by attackers to steal fuel or cause significant disruption, posing a threat to businesses and potentially public safety.
Defender Context
Defenders managing industrial control systems (ICS) and operational technology (OT) environments, particularly those involving fuel storage or critical infrastructure, should be aware of these attack vectors. Prioritizing patching, network segmentation, strong authentication, and continuous monitoring of ATG systems is crucial to prevent unauthorized access and potential theft or operational disruption.