Security Experts:

Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities

A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.

Israeli authorities confirmed in late April that hackers had targeted industrial control systems (ICS) at several water and wastewater facilities across the country. People familiar with the attacks said at the time that the attackers had targeted programmable logic controllers (PLCs) and they knew how to target such devices.

Israeli officials said at the time that the attacks were blocked before any damage could be caused, but they warned that the incidents could have had serious consequences as the hackers attempted to make harmful modifications to the chemicals mixed into the water source.Iran again targets Israel's water sector

A new round of attacks on Israel’s water sector was reported last week and, similar to the first attacks, they targeted smaller, local facilities. Israel’s Water Authority said the hackers targeted drainage facilities in the agriculture sector, specifically water pumps. Authorities said the attack did not cause any damage and it “had no real effect.”

An anonymous source with knowledge of the cyberattacks told SecurityWeek that both the latest and the April incidents involved vulnerable cellular routers, which enable organizations to remotely connect to their industrial systems.

The attackers, the source said, used the insecure cellular equipment as an entry point, and once they were inside the targeted organization they could make changes to PLCs by leveraging legitimate features, without the need to exploit any actual vulnerabilities in the controllers.

The hackers managed to make some changes to PLCs in the latest attacks, but since the targeted facilities serve a smaller area, the impact was small and the potential damage they could have caused was also limited.

Learn more about threats to industrial systems at SecurityWeek’s 2020 ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

Following the attacks launched in April, SecurityWeek has learned, the government advised organizations to ensure that their cellular communications equipment is not vulnerable, but at least some of them obviously failed to take action, enabling threat actors to launch another round of attacks.

Similar to the previous attacks, the latest operation was attributed to Iran.

There appears to be an ongoing cyberwar between Iran and Israel. While none of the two sides has openly admitted to launching cyberattacks, an assault aimed at a major Iranian port in May was believed to be Israel’s response to the April attacks on water facilities.

There has also been speculation that the recent fires and explosions at some important Iranian nuclear and military facilities may have been caused deliberately as part of an operation that involved cyberattacks, and Israel is the main suspect.

Related: Bitter Israel-Iran Rivalry Takes New Forms Online

Related: Hackers Knew How to Target PLCs in Israel Water Facility Attacks: Sources

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.