The Municipal Water Authority of Aliquippa in Pennsylvania was attacked by a group of hackers called Cyber Av3ngers. MWA supplies water and other services to over 6,600 customers. The cyber incident took place in November 2023. The hackers targeted a booster station, which is responsible for monitoring and regulating water pressure in specific townships. It is an industrial control system (ICS) and the hackers gained control of its programmable logic controller (PLC) with an integrated human-machine interface (HMI). Fortunately, there was no immediate risk to the water supply.
The booster station triggered an alarm that promptly alerted the water utility to the intrusion. The compromised system was swiftly disabled, mitigating potential risks to the water supply and public safety. In response to the incident, Pennsylvania State Police were notified.
The Iran-linked attackers hacktivist group Cyber Av3ngers specifically targeted the ICS provided by Israeli company Unitronics. The hackers exploited known vulnerabilities in Unitronics Vision products, which have been previously identified as potential targets for cyber threats. The PLCs with integrated HMIs are susceptible to attacks, especially when left exposed without proper authentication measures. Such vulnerabilities make these water facilities an easy target for attackers.
Cyber Av3ngers claimed responsibility for breaching several water treatment stations in Israel, citing actions taken in response to the Israel-Hamas conflict. However, it's important to note that hacktivist groups often exaggerate the impact of their attacks, sometimes even resorting to publishing fake data to amplify their cause.
However, ensuring that water facilities and other such critical infrastructure are secure is crucial. The consequences of a cyber attack on water systems could have catastrophic results. After entering and compromising the ICS systems, hackers could shut down its operations which would leave several states without water supply. Attackers could also alter chemical levels in the water supply that would be poisonous and life-threatening, or they could manipulate water pressure levels, leading to further complications. Worse, hackers don’t need to be industrial system experts to attack these types of environments.
Therefore, ICS and OT cybersecurity experts emphasize the significance of addressing vulnerabilities in these water systems. The ease with which HMIs are accessible to hackers highlights the importance of implementing robust security measures to safeguard critical infrastructure. While hacktivist groups may lack specialized expertise in industrial systems, the lax security often present in these systems makes them susceptible to unauthorized access and potential manipulation of physical processes.
Cyberattacks targeting the water sector are not uncommon. Over 15 cyber attacks have occurred in the last year and the number only continues to grow. As a result, government agencies such as CISA offer vulnerability scanning services to organizations within this critical infrastructure sector. MicroSec also provides a non-invasive, easy and automated industrial cybersecurity assessment that evaluates your OT cyber risks and checks for threats as well as vulnerabilities.
As the threat landscape evolves, securing ICS and enhancing OT cybersecurity measures remain paramount to protecting essential services and infrastructure from potential disruptions.
Source: https://www.securityweek.com/hackers-hijack-industrial-control-system-at-us-water-utility/