CISA is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online.

PLCs are crucial control and management devices in industrial settings, and hackers compromising them could have severe repercussions, such as water supply contamination through manipulating the device to alter chemical dosing. Other risks include service disruption leading to a halt in water supply and physical damage to the infrastructure by overloading pumps or opening and closing valves.

CISA confirmed that hackers have already breached a U.S. water facility by hacking these devices. The attack did not compromise potable water safety for the served communities.

"Cyber threat actors are targeting PLCs associated with WWS facilities, including an identified Unitronics PLC, at a U.S. water facility," reads CISA's alert. "In response, the affected municipality's water authority immediately took the system offline and switched to manual operations - there is no known risk to the municipality's drinking water or water supply."

The agency underlines that the threat actors are taking advantage of poor security practices to attack Unitronics Vision Series PLCs with a human-machine interface (HMI), rather than exploiting a zero-day vulnerability in the product.

CISA's alert lists the following measures for administrators:

- Replace the default Unitronics PLC password, ensuring "1111" is not used.
- Implement MFA for all remote access to the Operational Technology (OT) network, including access from IT and external networks.
- If remote access is necessary, use a Firewall/VPN setup to control access.
- Regularly back up logic and configurations for quick recovery in case of ransomware attacks.
- Avoid using the default TCP port 20256, which is commonly targeted by cyber actors.
- Update the PLC/HMI firmware to the latest version provided by Unitronics.
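
The following Python example is added here and is not taken from the article or CISA's alert. It scans firewall logs for connections to the default TCP port 20256 from sources outside an approved remote-access subnet; the log format, IP addresses and allowlist are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

PLC_DEFAULT_PORT = 20256  # default Unitronics TCP port named in the alert

# Assumption: only the VPN concentrator subnet may reach PLCs remotely.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed firewall log lines (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2023-11-28T02:14:07Z ACCEPT TCP src=203.0.113.45 dst=192.0.2.10 dport=20256
2023-11-28T02:14:09Z ACCEPT TCP src=203.0.113.45 dst=192.0.2.10 dport=20256
2023-11-28T08:30:11Z ACCEPT TCP src=10.20.0.15 dst=192.0.2.10 dport=20256
2023-11-28T09:02:54Z DENY TCP src=198.51.100.7 dst=192.0.2.11 dport=20256
2023-11-28T09:05:00Z ACCEPT TCP src=198.51.100.7 dst=192.0.2.11 dport=443
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DENY) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def is_allowed(src):
    """True if the source address falls inside an approved subnet."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a bad address
    return any(addr in net for net in ALLOWED_SOURCES)

def find_plc_exposure(log_text):
    """Return {(src, dst): {"accepted": n, "denied": n}} for traffic to the
    default PLC port that comes from outside the allowlist."""
    hits = defaultdict(lambda: {"accepted": 0, "denied": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != PLC_DEFAULT_PORT:
            continue  # malformed line or unrelated port
        try:
            if is_allowed(m["src"]):
                continue  # expected traffic from the VPN subnet
        except ValueError:
            continue  # unparseable source address
        key = "accepted" if m["action"] == "ACCEPT" else "denied"
        hits[(m["src"], m["dst"])][key] += 1
    return dict(hits)

if __name__ == "__main__":
    for (src, dst), counts in sorted(find_plc_exposure(SAMPLE_LOG).items()):
        status = "EXPOSED" if counts["accepted"] else "probe blocked"
        print(f"{status}: {src} -> {dst}:{PLC_DEFAULT_PORT} {counts}")
```

An accepted connection from outside the allowlist means the PLC is reachable without the Firewall/VPN control the alert calls for; denied entries show the port is being probed.
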
While CISA's advisory did not specify the threat actor behind the attacks, CyberScoop reported that a recent hack on the Municipal Water Authority of Aliquippa, Pa., was conducted by Iranian attackers. As part of this attack, the threat actors hijacked Unitronics PLCs to display a message of their own.

CISA also announced in September 2023 a free security scanning program for critical infrastructure facilities like water utilities to help them identify security gaps and protect their systems from opportunistic attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 20:24:55 +0000