.jpg)
Automatic tank gauges are a ripe target for cyber attackers, CISA warns.
Ongoing cyber-attacks on automated tank gauges (ATGs) could result in fuel tanks being drained without businesses noticing, the US Cybersecurity & Infrastructure Security Agency has warned. Connected ATGs are widely deployed in gas stations, as well as on military bases, in hospitals, and in manufacturing plants. And it’s not just fuel stores at risk: ATGs are also used in the chemical, food, and agriculture industries.
CISA and other agencies warned that such attacks could lead to the gauges being dangerously compromised, leaving tank owners unaware of leaks or theft of their contents.
The attacks take three forms: authentication bypass and hardcoded credentials, which allow attackers to gain access to device management; OS command execution and SQL injection to manipulate underlying databases; and privilege escalation, in which attackers obtain full administrator access.
System administrators working for organizations using ATGs are advised to protect their systems by removing connections to serial ports to eliminate public internet exposure by, changing default passwords immediately, applying the latest patches, reporting any suspicious activity to the CISA, and urging companies in their supply chain to also adopt best practises against such attacks.
CISOs in these companies should already be doing this as they can’t say that they were unaware of the risks: Last year, a Canadian fuel company was attacked and its systems compromised and in 2024, security company BitSight warned that ATGs were a sitting target for cyber criminals.
SUBSCRIBE TO OUR NEWSLETTER
From our editors straight to your inbox
Get started by entering your email address below.
.jpeg)
