
New CISA Warning: Hackers Target Fuel Tank Monitoring Systems

Cybercriminals are exploring a discrete layer of fuel infrastructure: the systems that monitor the contents of storage tanks.

According to a new government advisory, there have been reports of threat actors targeting automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across the United States. Officials say these actors have already compromised internet-connected devices in recent months, raising concerns about the security of these often-neglected industrial systems.

The warning highlights a growing trend in the threat landscape. Instead of focusing exclusively on stealing digital data or breaching corporate networks, attackers are also exploring technologies closer to physical operations, where disruptions can have real-world consequences affecting millions of people.

What is an ATG system used for and why is it targeted?

At their core, ATG systems serve as digital monitoring platforms to check inventory, detect leaks, and manage tank health at sites ranging from gas stations to industrial facilities.

Because so many daily activities depend on them to run smoothly, they have recently become active targets of cyberattacks aimed at disrupting these services.

What makes this even more important is their position: right between digital infrastructure and physical operations. Worse, the very condition that allows these systems to operate smoothly, convenient access, has become the leverage that bad actors now use to gain illegal access.

How the attack occurs

According to a June 2 release from the Cybersecurity & Infrastructure Security Agency (CISA), attacks against ATG systems have been observed, exploiting several system weaknesses.

Among the techniques highlighted in the report are authentication bypass vulnerabilities and hardcoded credentials that can grant direct access to device management interfaces. The agency also noted that operating system command execution and SQL injection vulnerabilities could allow arbitrary code execution, database manipulation, and in some cases privilege escalation to the point of full administrative control over the system.

This level of access effectively puts attackers in the position of a trusted operator, creating entry points to change configurations, remove danger alerts, or cause permanent damage to systems.


What CISA and its partners are asking operators to fix

As the agency responsible for infrastructure security, CISA is at the forefront… but it is not the only government agency involved.

Affected agencies include the FBI, NSA, Department of Energy (DOE), and Environmental Protection Agency (EPA). Others include the Transportation Security Agency (TSA), the Department of Transportation (DOT), and the United States Department of Agriculture (USDA).

Together, these agencies recommend that ATG operators do the following, where appropriate:

  • Turn off direct internet exposure: Where possible, remove ATG systems from direct Internet access and restrict remote connectivity through VPNs, access control lists (ACLs), or similar controls.
  • Strengthen authentication: Replace default credentials with stronger credentials and deploy phishing-resistant MFA where possible.
  • Patch and update systems: The attacks exploited vulnerabilities in these systems that could have been avoided with system updates from ATG manufacturers.
  • Increase system visibility: Enable continuous monitoring and logging to detect unauthorized access and unusual changes that could indicate tampering.
  • Apply vendor security: When working with a supplier, make sure they also follow secure practices, as a breach in the supply chain can serve as an entry point into the larger system.

For operators, the message is simple: ATG systems should not be treated like forgotten back-office hardware. Any device exposed to the Internet should be examined, access restricted, credentials changed, and any suspicious activity reported to CISA or law enforcement.
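To make the monitoring recommendation concrete, the following is an added example (not code from the advisory or from any ATG vendor) that reviews access-log lines for the signs of tampering described above: access from unapproved sources, a successful login after repeated failures, and configuration or alarm changes. The log format, the action names, and the approved address ranges are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: management access is only expected from these ranges (VPN pool, on-site subnet).
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24"),
                   ipaddress.ip_network("192.168.50.0/24")]
# Assumption: hypothetical action names recorded by a gateway or log collector.
SENSITIVE_ACTIONS = {"config_change", "alarm_clear", "alarm_disable"}

# Constructed sample log. Assumed format: timestamp source_ip user action result
SAMPLE_LOG = """\
2025-01-10T08:01:12Z 10.20.0.15 operator1 inventory_read ok
2025-01-10T08:04:40Z 203.0.113.77 admin login fail
2025-01-10T08:04:43Z 203.0.113.77 admin login fail
2025-01-10T08:04:47Z 203.0.113.77 admin login ok
2025-01-10T08:05:02Z 203.0.113.77 admin alarm_disable ok
2025-01-10T09:30:00Z 192.168.50.8 operator2 config_change ok
not a log line
"""

def review(log_text, fail_threshold=2):
    """Return (line_number, finding) tuples for lines an operator should look at."""
    findings, fails = [], {}
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            ts, src, user, action, result = line.split()
            addr = ipaddress.ip_address(src)
        except ValueError:
            # Malformed lines are surfaced, not skipped: gaps in logging matter too.
            findings.append((n, "unparsed_line"))
            continue
        external = not any(addr in net for net in ALLOWED_SOURCES)
        if external:
            findings.append((n, "access_from_unapproved_source"))
        if action == "login" and result == "fail":
            fails[src] = fails.get(src, 0) + 1
        elif action == "login" and result == "ok":
            if fails.pop(src, 0) >= fail_threshold:
                findings.append((n, "login_success_after_failures"))
        if action in SENSITIVE_ACTIONS and result == "ok":
            kind = "sensitive_change_external" if external else "sensitive_change_review"
            findings.append((n, kind))
    return findings

if __name__ == "__main__":
    for n, kind in review(SAMPLE_LOG):
        print(f"line {n}: {kind}")
```

Changes made from an approved source are still reported for review, since a compromised credential used over the VPN looks like a trusted operator.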
