Exposure of Over 900 Automatic Tank Gauge Systems to Cyber Attacks

An alarming discovery has been made regarding the security of over 900 automatic tank gauge (ATG) systems in the United States, which are utilized to monitor fuel and chemical storage tanks in critical infrastructure sectors. These systems have been found to be exposed online, posing a significant vulnerability to ongoing cyber attacks.

ATG systems serve as electronic monitoring devices that enable remote tracking of fuel, chemicals, or other liquids stored in tanks. They play a crucial role in automating inventory control, environmental leak detection, and regulatory compliance. While commonly used in gas stations to monitor fuel tank levels, ATG systems are also prevalent in industrial settings for tracking chemical storage tanks.

A joint advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners highlights the urgent need for critical infrastructure organizations to secure internet-exposed ATG systems against potential attacks.

The advisory warns that threat actors target these devices to exploit security vulnerabilities such as hardcoded credentials, authentication bypasses, SQL injection flaws, OS command execution vulnerabilities, and privilege escalation weaknesses. By compromising internet-exposed ATG systems, attackers can manipulate system settings through command execution.

According to the joint advisory, recent malicious cyber activities have involved cyber threat actors compromising ATG systems and making unauthorized modifications. This poses a grave risk as attackers could disable system alerts, potentially leading to leaks, equipment failures, and permanent damage to the targeted tank systems.

Following CISA’s advisory, Internet security watchdog Shadowserver reported that over 1,000 ATG systems were exposed online, with the majority (909 devices) located in the United States.

See also  Microsoft tightens security measures in Edge after zero-day attacks

Shadowserver’s monitoring revealed that 1061 IPs with ATG systems were seen online, emphasizing the critical need for organizations to restrict remote access to these systems and implement stringent security measures such as firewalls, VPNs, and access control lists.

To mitigate the risks posed by vulnerable ATG systems, organizations are urged to replace default passwords with strong credentials, apply security updates, monitor systems for unauthorized changes, and implement multi-factor authentication where feasible.

In a separate incident reported by CNN in May, Iranian hackers breached ATG systems connected to gas stations in the United States. While no physical damage was caused, the incidents underscore the potential repercussions of such cyber attacks on fuel management systems and safety-related functions.

Furthermore, a joint advisory issued by U.S. federal agencies in April linked Iranian state-backed hackers to attacks targeting industrial control systems, including Rockwell Automation/Allen-Bradley PLC devices. These attacks resulted in financial losses and operational disruptions.

Censys, a cybersecurity firm, reported that a significant percentage of exposed industrial control systems globally, including ATG systems, were from the United States, highlighting the pressing need for enhanced security measures.