Canada warns of hacktivist breaches at water, energy and farm facilities

The Canadian Centre for Cyber Security warned today that hacktivists have breached internet-exposed industrial control systems multiple times across the country, allowing changes to control settings that could have produced dangerous conditions. It issued the advisory to raise awareness of the elevated malicious activity.

The Cyber Centre outlined three recent incidents. In one case a water facility had pressure values altered, degrading service to the community. In another an Automated Tank Gauge at an oil and gas company was manipulated, triggering false alarms. A third incident involved a grain-drying silo where temperature and humidity readings were altered, creating potentially unsafe conditions if the changes had not been detected.

Canadian authorities said the incidents appeared opportunistic rather than part of a sophisticated, long-planned campaign, and that goals included attracting media attention and undermining trust in institutions. The advisory noted that hacktivists seek to sow fear and are sometimes accompanied by more capable threat actors. U.S. officials have previously warned that foreign hacktivists have attempted to manipulate industrial system settings.

None of the recently targeted entities suffered catastrophic consequences, but the incidents highlighted the risks posed by poorly protected programmable logic controllers, SCADA systems, human-machine interfaces and industrial Internet of Things devices. The centre also advised keeping ICS firmware up to date to reduce the chance of persistent compromise.

To reduce exposure, the Cyber Centre recommended organisations inventory and assess all internet-accessible ICS devices, remove direct internet exposure where possible, and implement VPNs with two-factor authentication, intrusion prevention, vulnerability management and penetration testing. It urged following vendor guidance and Cyber Centre publications, including the Cyber Security Readiness Goals, and reporting suspicious activity via My Cyber Portal, by email to [email protected], or to local police to support coordinated investigations.

Authorities said the advisory is intended to prompt organisations that operate or support critical infrastructure to adopt stronger security measures to prevent opportunistic intrusions and to report incidents promptly so that investigations and mitigations can be coordinated.