Must read #CybersecurityAdvisory for operational technology owners and operators.

For a little over a week, Iranian IRGC actors using the persona ‘CyberAv3ngers’ have been targeting and compromising Unitronics PLCs, most commonly used in the water and wastewater sector, using default credentials. The PLCs may be rebranded and appear as different manufacturers and companies. FBI Cyber Division and our partners at CISA, NSA, EPA, and the Israel National Cyber Directorate are providing urgent recommendations and mitigation guidance.

The Iranian actors compromised Unitronics Vision Series PLCs with human-machine interfaces that were publicly exposed to the internet with default passwords and by default are on TCP port 20256. The compromise is centered around defacing the controller’s user interface and may render the PLC inoperative. With this type of access, deeper device- and network-level accesses are available and could render additional, more profound cyber-physical effects on processes and equipment.

IOCs can be found at https://lnkd.in/eh4bkD3M & https://lnkd.in/eRs9wvJc

Immediate steps to prevent the attack:
- Change all default passwords on PLCs and HMIs and use a strong password. Ensure the Unitronics PLC default password is not in use.
- Disconnect the PLC from the public-facing internet.

If you believe you have been targeted or compromised, reach out to your local FBI Field Office today (https://lnkd.in/esFNaZ4Y). For more information about threats from Iran see the FBI’s Iran Threat page (https://lnkd.in/edHf8YXU) and CISA’s Iran Threats and Advisories page (https://lnkd.in/e9i3qDdE). Full Cybersecurity Advisory can be found below and at https://lnkd.in/eNfsZH9J .

#cyber #cybersecurity #FBI #nationalsecurity #cyberthreatintelligence #cyberintelligence #PLC #HMI
Risks of Cyber Attacks on Water Infrastructure
Summary
Cyberattacks on water infrastructure demonstrate how vulnerable these critical systems are to modern threats. These attacks can disrupt water supply, compromise public health, and expose gaps in cybersecurity for essential services.
- Reset default passwords: Change all factory-set passwords on control systems like PLCs and HMIs, and use strong, unique passwords to prevent unauthorized access.
- Secure your networks: Disconnect operational technology devices from public-facing internet connections and implement strong network segmentation to limit potential breaches.
- Train and monitor: Regularly train operators on cybersecurity awareness and use advanced threat detection systems to identify and respond to suspicious activity quickly.
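The two immediate steps above (rotate default PLC/HMI passwords, take the controller off the public internet) are easier to act on when you can see which controllers are actually being reached from outside. The following is an added illustration for this page, not code from any of the quoted posts or from the FBI/CISA advisory. It assumes a simple key=value firewall log export (a constructed format; adapt the regex to your own firewall), treats the RFC 1918 ranges as the internal OT network, and uses TCP port 20256, the default Unitronics port the advisory names, as the port to watch. The sample log lines and addresses are constructed.

```python
"""Flag PLCs that accepted connections on TCP/20256 from outside the internal network.

Added example for this page (not from the advisory or the quoted posts).
Assumptions (constructed): key=value firewall log lines, and RFC 1918
ranges as the only internal networks. Adjust both for a real environment.
"""
import ipaddress
import re
from collections import defaultdict

# Default Unitronics PLC port, as stated in the advisory quoted on this page.
UNITRONICS_DEFAULT_PORT = 20256

# Assumed internal (OT) address space: the RFC 1918 private ranges.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample log. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for arbitrary internet sources; 10.20.x.x is the OT LAN.
SAMPLE_LOG = """\
2023-11-25T02:14:07Z action=accept proto=tcp src=203.0.113.45 dst=10.20.1.15 dport=20256
2023-11-25T02:14:09Z action=accept proto=tcp src=203.0.113.45 dst=10.20.1.15 dport=20256
2023-11-25T02:15:31Z action=accept proto=tcp src=10.20.0.7 dst=10.20.1.15 dport=20256
2023-11-25T02:16:02Z action=accept proto=tcp src=198.51.100.9 dst=10.20.1.16 dport=80
2023-11-25T02:17:44Z action=deny proto=tcp src=198.51.100.9 dst=10.20.1.15 dport=20256
"""

# Assumed log line layout: "<timestamp> action=... proto=... src=... dst=... dport=..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_internal(addr):
    """True when the address falls inside one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_exposed_plc_sessions(log_text, port=UNITRONICS_DEFAULT_PORT):
    """Return {plc_ip: {external_src_ip: accepted_connection_count}}.

    Only *accepted* TCP connections to `port` from *non-internal* sources count;
    denied traffic and internal-to-internal traffic are expected and ignored.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["action"] != "accept" or rec["proto"] != "tcp":
            continue
        if rec["dport"] != port or is_internal(rec["src"]):
            continue
        hits[rec["dst"]][rec["src"]] += 1
    return {dst: dict(srcs) for dst, srcs in hits.items()}


def remediation_plan(hits, port=UNITRONICS_DEFAULT_PORT):
    """One action line per exposed controller, mirroring the advisory's two immediate steps."""
    plan = []
    for plc, srcs in sorted(hits.items()):
        total = sum(srcs.values())
        plan.append(
            f"{plc}: block inbound TCP/{port} at the perimeter and rotate the default "
            f"password now ({total} accepted external connection(s) from {len(srcs)} source(s))"
        )
    return plan


if __name__ == "__main__":
    exposed = find_exposed_plc_sessions(SAMPLE_LOG)
    for line in remediation_plan(exposed):
        print(line)
```

Run against the constructed sample, the script reports only 10.20.1.15, which accepted two connections on TCP/20256 from 203.0.113.45; the internal session, the denied attempt and the port-80 connection to another host are left out. Passing a different `port` lets the same logic cover an HMI's web interface, and pointing it at a real export (with the regex adjusted) turns it into a quick check of whether the "disconnect from the public-facing internet" step has actually taken effect.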
This article from Dark Reading dives into the vulnerabilities lurking (like a shark?) in our water systems. From aging infrastructure to poorly secured operational technology (OT), these systems are essential to our communities but are often left unprotected against cyber threats.

As someone passionate about both cybersecurity and protecting our critical infrastructure, this hits close to home. Attacks on water systems aren't just theoretical—they can directly impact public health, safety, and trust. Remember the Oldsmar, Florida incident? It’s a stark reminder that even a small security lapse can have devastating consequences.

We can't afford to treat water systems as an afterthought in cybersecurity. This means:
- Closing security gaps in OT and ICS systems
- Enforcing strong access controls and network segmentation
- Prioritizing vulnerability management tailored to these environments
- Ensuring regular training and awareness for operators

These systems are lifelines, and protecting them is about more than just compliance—it's about safeguarding the communities that rely on them every day.

#TEN18 #TEN18byExabeam #CyberSecurity #CriticalInfrastructure #OTSecurity #WaterSystems
Over the weekend, an Iran-affiliated hacking group called Cyber Av3ngers claimed responsibility for a cyberattack that took control of systems at the Municipal Water Authority of Aliquippa, PA that regulate water pressure. While the water authority doesn't appear to have been the primary target, it was collateral damage from an attack aimed at infrastructure using products from an Israeli technology vendor. This disturbing breach reveals risks from interconnected supply chains - entities can fall victim without being directly targeted. All organizations must take proactive cybersecurity measures like network segmentation, asset management, and advanced threat detection tailored for industrial control system environments. The Cyber Av3ngers group has been active for years, targeting Israel and ramping up attacks during conflicts. Their tactics aren't highly sophisticated, but this latest campaign recruiting "talent" to hit infrastructure in transportation, electricity, and water supply shows even lower-tier actors can still inflict severe disruption. #cybersecurity #criticalinfrastructure #supplychainrisk #OT #ICS
In an unsophisticated cyber-attack that spanned multiple U.S. states, hackers affiliated with Iran targeted the Municipal Water Authority of Aliquippa in Pennsylvania. This breach, occurring on November 25, 2023, compromised a Programmable Logic Controller (PLC) made by Unitronics, a key device in the water authority's pumping booster station. The choice of target is deliberate, as the hackers left an electronic note indicating a preference for Israeli-made components.

This incident is not isolated to the water sector. The same type of PLCs, critical in managing various stages of water and wastewater treatment, are used across industries including energy, healthcare, and food and beverage manufacturing. These devices play a crucial role in regulating essential processes like fluid flow, pressure, and temperature control.

The hacking group, known as “Cyber Av3ngers,” is connected to Iran’s Islamic Revolutionary Guards Corps, a group designated as a terrorist organization by the U.S. in 2019. Their focus on Israeli-made components has led to a series of targeted attacks since November 22, including 10 water treatment facilities in Israel. Their tag line is “Every equipment made in Israel is Cyber Av3ngers legal target.”

An investigation into the breach revealed that the PLC was accessed due to cybersecurity vulnerabilities, including weak password security (defaults are rarely reset) and internet exposure. This breach sheds light on the broader issue of cybersecurity in critical infrastructure sectors. In the U.S., a significant portion of this infrastructure is privately owned and often relies on self-regulation for cybersecurity, leading to calls for more stringent government-imposed regulations. The incident also occurred in the wake of a federal appeals court decision that led the Environmental Protection Agency (EPA) to rescind a rule mandating cybersecurity testing in regular audits of U.S. public water systems. This decision, influenced by a case involving Missouri, Arkansas, and Iowa, along with a water utility trade group, raises concerns about the robustness of cybersecurity measures in vital public utilities.

In response, the Biden administration has been talking about strengthening the cybersecurity of critical infrastructure. But the extent to which vital industries implement these regulations is sketchy in that almost all of them are privately owned and operated with very little oversight. These breaches underscore the threat from nation-state adversaries and our continuing response to them. And why foreign policy is today far more important than many domestic issues that occupy our daily media reporting. Without a dramatic improvement in the protection and detection we provide for critical infrastructure against even the most unsophisticated cyber threats, we are essentially writing our own obituary. We could start by resetting default passwords. Let’s get smarter.

https://cybered.io/ The Future. Now.