Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.

Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. People familiar with the attacks said at the time that the attackers had targeted programmable logic controllers (PLCs) and they knew how to target such devices.

Israeli officials said at the time that the attacks were blocked before any damage could be caused, but they warned that the incidents could have had serious consequences as the hackers attempted to make harmful modifications to the chemicals mixed into the water source.Iran again targets Israel's water sector

A new round of attacks on Israel’s water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities. Israel’s Water Authority said the hackers targeted drainage facilities in the agriculture sector, specifically water pumps. Authorities said the attack did not cause any damage and it “had no real effect.”

An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems.

The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers.

The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.

Learn more about threats to industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Following the attacks launched in April, SecurityWeek has learned, the government advised organizations to ensure that their cellular communications equipment is not vulnerable, but at least some of them obviously failed to take action, enabling threat actors to launch another round of attacks.

Advertisement. Scroll to continue reading.

Similar to the previous attacks, the latest operation was attributed to Iran.

There appears to be an ongoing cyberwar between Iran and Israel. While none of the two sides has openly admitted to launching cyberattacks, an assault aimed at a major Iranian port in May was believed to be Israel’s response to the April attacks on water facilities.

There has also been speculation that the recent fires and explosions at some important Iranian nuclear and military facilities may have been caused deliberately as part of an operation that involved cyberattacks, and Israel is the main suspect.

Related: Bitter Israel-Iran Rivalry Takes New Forms Online

Related: Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.