A recent cybersecurity incident highlighted vulnerabilities in critical infrastructure in the United States. A municipal water center in Pennsylvania was targeted by an Iranian threat actor known as CyberAv3nger. The attack exploited internet-connected programmable logic controllers (PLCs) and defaced the unit’s screen with a message expressing anti-Israel sentiments. The hacker group appears to be targeting equipment made in Israel. The water company took the unit offline and switched to manual operations, but the compromise was a wake-up call for critical infrastructure with questionable security practices.
The attackers were able to take control of the PLC with the manufacturer’s default password, showing that the controller unit was public-facing on the internet and easy to access. The hackers could easily search the internet for this controller and keep trying them until they found one where the password was not changed from the default. Water utilities are chronically underfunded, so they often don’t have room in the operating budget for cybersecurity employees. Water utilities were supposed to be added to the list of other public utilities inspected for cybersecurity defenses by the EPA, but the government was forced to abandon the new law after lawsuits from attorneys general of Arkansas, Iowa, and Missouri. This new attack is likely to bring EPA inspection back to the forefront.
On December 1st, the FBI, NSA, and EPA released an alert highlighting the malicious cyber activity of CyberAv3ngers and other similar groups. The alert warned of attacks in energy, food and beverage, manufacturing, and healthcare sectors. Cybersecurity specialists have focused on the internet-facing part of the attack. Many of these controller devices do not need to be on the internet to perform their function. We are so used to connecting all devices to the internet, but in an industrial setting, it opens controllers and the business network up to attack.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
