
U.S. confirms cyber attack on water facility

Dec. 4th – Water suppliers around the world have been urged to upgrade their cyber security measures after at least one U.S. operator experienced a breach via its industrial control systems last week.

After the facility’s Unitronics programmable logic controllers (PLCs) were compromised, systems were taken offline and the facility switched to manual mode.

Behind the incident

On Friday, the Cybersecurity and Infrastructure Security Agency (CISA) stated that the hackers, known as “CyberAv3ngers,” have been targeting certain groups for political reasons.

“We are now tracking over 150 such groups… and more hacktivist groups are joining,” says Gil Messing, the Chief of Staff at Check Point.

Recommended mitigations

For critical infrastructure operators, especially those in the water sector, the risk of cyber disruption is high enough that governments have specially notified providers of this latest threat, encouraging them to adopt appropriate mitigations:

  • Mandating multi-factor authentication (MFA) for remote access to the operational technology (OT) network
  • Ensuring that all passwords on the PLCs and human machine interfaces (HMIs) are new
  • Disconnecting the PLC from the public internet and applying a firewall/VPN in front of the PLC in order to regulate network access
  • Having an “allowlist” of IPs for access to the programmable logic controllers
  • Using a TCP port that diverges from the default port (TCP 20256)
  • Ensuring that Unitronics PLCs/HMIs are updated to the latest version
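
As an added illustration (not part of the original article or of any agency guidance), the Python sketch below checks a device inventory against four of the mitigations above: internet exposure, the default port, the IP allowlist and MFA. The inventory records, field names, internal address range and the allowlist size threshold are all assumptions made for the example.

```python
import ipaddress

DEFAULT_PORT = 20256       # default TCP port named in the mitigation list
MAX_ALLOWLIST_HOSTS = 256  # assumption: anything wider than a /24 is too broad
# Assumption: the site's internal ranges; anything else counts as internet-facing.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed inventory: names, addresses, ports and fields are sample values.
INVENTORY = [
    {"name": "plc-intake", "addr": "10.20.0.11", "port": 20443,
     "allowlist": ["10.20.5.0/28"], "remote_mfa": True},
    {"name": "plc-booster", "addr": "203.0.113.7", "port": 20256,
     "allowlist": [], "remote_mfa": False},
    {"name": "hmi-lab", "addr": "10.20.0.30", "port": 20256,
     "allowlist": ["0.0.0.0/0"], "remote_mfa": True},
]

def audit(device):
    """Return the list of mitigation gaps for one inventory record."""
    gaps = []
    addr = ipaddress.ip_address(device["addr"])
    if not any(addr in net for net in INTERNAL_NETS):
        gaps.append("internet-facing address")
    if device["port"] == DEFAULT_PORT:
        gaps.append("default port 20256")
    nets = [ipaddress.ip_network(n, strict=False) for n in device["allowlist"]]
    if not nets:
        gaps.append("no IP allowlist")
    elif any(n.num_addresses > MAX_ALLOWLIST_HOSTS for n in nets):
        gaps.append("allowlist too broad")
    if not device["remote_mfa"]:
        gaps.append("remote access without MFA")
    return gaps

def audit_all(inventory):
    """Map each device name to its gaps, omitting compliant devices."""
    report = {d["name"]: audit(d) for d in inventory}
    return {name: gaps for name, gaps in report.items() if gaps}

if __name__ == "__main__":
    for name, gaps in audit_all(INVENTORY).items():
        print(f"{name}: {', '.join(gaps)}")
```

An allowlist entry such as `0.0.0.0/0` satisfies "having an allowlist" on paper while permitting every source, which is why the check looks at the size of each entry and not only at whether the list exists.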
