Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

After hackers compromised ICS at a US water utility, CISA issued a warning over the exploitation of the targeted Unitronics PLC.

Water utility cybersecurity

After hackers compromised an industrial control system (ICS) at a water utility in the United States, the cybersecurity agency CISA issued an alert over the exploitation of the targeted device.

The target of the attack was the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed that hackers took control of a system associated with a station where water pressure is monitored and regulated, but said there was no risk to the water supply or drinking water.

Based on publicly available information, the hackers targeted an Unitronics Vision system, which is a programmable logic controller (PLC) with an integrated human-machine interface (HMI).

A hacktivist group called Cyber Av3ngers, known to be anti-Israel and possibly linked to Iran, has taken credit for the attack, apparently targeting the Israel-made Unitronics PLC. 

Unitronics Vision products have been known to be affected by critical vulnerabilities that could expose devices to attacks. However, HMIs are often accessible from the internet without authentication, making them an easy target even for low-skilled threat actors. 

In the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”. 

This statement suggests that the attackers likely leveraged the fact that the device was insecurely configured, rather than exploiting an actual vulnerability. This would not be surprising for a hacktivist group as these types of threat actors mostly target low-hanging fruit and do not waste time and energy creating sophisticated exploits.  

In order to protect their Unitronics PLCs against potential attacks, organizations have been urged by CISA to change the default ‘1111’ password, require multi-factor authentication for remote access to OT systems, ensure that the controller is not directly exposed to the internet, create backups for the PLC’s logic and configuration in case it gets compromised, change the default port, and update the device to the latest version.

Advertisement. Scroll to continue reading.

Such PLCs are used by organizations in the water and wastewater sector to control and monitor processes. An attack on these systems could threaten the ability of facilities to provide clean water and effectively manage wastewater, CISA warned.

Cyberattacks aimed at the water sector are increasingly common and there have been some confirmed reports of attacks impacting ICS at water facilities. In an effort to help organizations in this sector protect their systems, CISA has been offering a free vulnerability scanning service.

Related: Former Contractor Employee Charged for Hacking California Water Treatment Facility

Related: EPA Mandates States Report on Cyber Threats to Water Systems

Related: Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...