Canadian government claims hacktivists are attacking water and energy facilities

Date:
Fri, 31 Oct 2025 15:24:00 +0000

Description:
Businesses operating ICS systems need effective communication and collaboration," the Canadian government warns.

FULL STORY

The Canadian government has issued a new security alert warning of so-called hacktivists targeting Industrial Control Systems (ICS).

The report says the Cyber Centre and the Royal Canadian Mounted Police has received multiple reports of incidents involving internet-accessible ICS.

Among the reports were an attack on a water facility, in which the miscreants tampered with water pressure valves and degraded the service for the
community.

How to secure the assets

The report also mentions a Canadian oil and gas company, in which an
Automated Tank Gauge (ATG) was manipulated into triggering false alarms.

Finally, there was an attack on a grain drying silo in a Canadian farm, where the attackers changed temperature and humidity levels. Luckily, the attack
was caught on time, otherwise it could have resulted in potentially unsafe conditions.

ICS are computer-based systems used to monitor and control industrial
processes and critical infrastructure, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC).

By gaining access, cybercriminals can disrupt power grids, water supplies, manufacturing lines, or transportation networks, causing widespread damage
and safety risks. For hacktivists, exploiting ICS is a way to gain media attention, discredit organizations, and undermine Canadas reputation, the report further stated.

The problem with ICS systems is in unclear division of roles and responsibilities, the Canadian government stressed in the report, saying they often create gaps which leave critical systems unprotected.

To tackle the problem, businesses operating ICS systems need effective communication and collaboration.

That communication implies proper inventory, documentation, and protection of internet-connected assets, as well as making sure managed services are implemented securely, maintained throughout their lifecycle and based on clearly defined requirements.

It also means businesses should implement Virtual Private Networks ( VPNs ), two-factor authentication ( 2FA ), and a strong active threat detection
system.

Regular penetration testing and continuous vulnerability management are also advised.

======================================================================
Link to news story: https://www.techradar.com/pro/security/canada-says-hacktivists-breached-water- and-energy-facilities

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)