The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a cyber attack on Unitronics programmable logic controllers (PLCs) used in water and wastewater treatment facilities. This attack targeted the Municipal Water Authority of Aliquippa in Pennsylvania and was attributed to an Iran-linked group called Cyber Av3ngers.
Description
The attack involved breaching a digital control panel made by Unitronics and disabling it [1]. The targeted PLC is responsible for providing drinking water to two townships, but fortunately, the attackers did not have the ability to alter the chemicals used in the water or cause any service disruptions [1]. As a precautionary measure, the water authority temporarily took the system offline and switched to manual operations [2]. The incident is currently under investigation by federal authorities, including the FBI [1], the Department of Homeland Security [1], and CISA.
It is worth noting that Unitronics PLC, which is widely used globally [1], remains vulnerable to exploitation [1]. Approximately 1,500 versions of the same PLC that was hacked in Aliquippa are still at risk [1]. In light of this attack, CISA recommends organizations to enhance their security measures. This includes changing default passwords, implementing multi-factor authentication [2], disconnecting PLCs from the internet [2], backing up logic and configurations [2], and applying the latest updates to mitigate the risk of similar attacks.
Conclusion
This cyber attack on Unitronics PLCs used in water and wastewater treatment facilities highlights the potential vulnerabilities in critical infrastructure systems. While the attackers were unable to cause significant harm in this instance, the incident serves as a reminder of the importance of robust cybersecurity measures. Organizations should take immediate steps to strengthen their security protocols and follow the recommendations provided by CISA. By doing so, they can better protect their systems from potential threats and mitigate the risk of future attacks.
References
[1] https://www.politico.com/news/2023/11/28/federal-government-investigating-multiple-hacks-of-us-water-utilities-00128977
[2] https://thehackernews.com/2023/11/iranian-hackers-exploit-plcs-in-attack.html
