November 29, 2023 at 01:13PM
CISA warns of a cyber intrusion at a U.S. water facility through internet-exposed Unitronics PLCs; the drinking water was not harmed. The agency advises replacing default passwords, using MFA, disconnecting PLCs from the internet, using firewalls, backing up systems, changing ports, and updating firmware to bolster security.
Key Takeaways from Meeting Notes:
1. CISA has issued a warning about threat actors hacking into U.S. water facilities through exposed Unitronics PLCs.
2. Compromised PLCs pose significant risks, including potential water contamination, service disruption, and infrastructure damage.
3. A specific security breach at a U.S. water facility has been confirmed, but there was no resulting threat to drinking water safety or the water supply.
4. The CISA warning points to a weakness in the Unitronics Vision Series PLC with HMI that stems from poor security practices rather than a zero-day exploit.
5. To mitigate these risks, CISA recommends several security measures, including:
– Changing default passwords on Unitronics PLCs and avoiding the use of “1111”
– Implementing MFA for remote access to OT networks
– Disconnecting PLCs from open internet access (if remote access is needed, use a firewall/VPN)
– Regularly backing up logic and configurations to facilitate recovery from ransomware attacks
– Avoiding the default TCP port 20256 and utilizing PCOM/TCP filters
– Updating to the latest PLC/HMI firmware
6. Although CISA didn’t name the threat actor involved, CyberScoop links a recent hack in Aliquippa, Pa., to Iranian attackers, who also hijacked Unitronics PLCs to display a message.
7. CISA is launching a free security scanning program for critical infrastructure in September 2023 to help identify security gaps and reinforce against attacks.
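
A defensive check for the port and network-exposure advice in item 5, as an added example that is not from CISA or the original page: it scans firewall logs for connections to the default PCOM/TCP port 20256 that come from outside an approved range. The iptables-style log format, the 10.20.0.0/24 VPN range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

PCOM_TCP_PORT = 20256  # default Unitronics PCOM/TCP port named in item 5
# Assumption: only this VPN/engineering subnet may reach the PLCs.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed iptables-style LOG lines (documentation addresses), not real traffic.
SAMPLE_LOG = """\
Nov 29 13:01:07 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=10.50.1.10 PROTO=TCP SPT=51514 DPT=20256 SYN
Nov 29 13:01:09 fw kernel: IN=eth2 OUT=eth1 SRC=10.20.0.15 DST=10.50.1.10 PROTO=TCP SPT=40222 DPT=20256 SYN
Nov 29 13:02:30 fw kernel: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.50.1.11 PROTO=TCP SPT=33990 DPT=443 SYN
Nov 29 13:03:12 fw kernel: IN=eth2 OUT=eth1 SRC=10.30.4.9 DST=10.50.1.10 PROTO=TCP SPT=49876 DPT=20256 SYN
Nov 29 13:04:00 fw kernel: malformed entry without fields
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def classify(line):
    """Return an alert dict for disallowed PCOM/TCP traffic, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(PCOM_TCP_PORT):
        return None
    try:
        src = ipaddress.ip_address(fields["SRC"])
    except (KeyError, ValueError):
        return None  # unparseable source: skip rather than guess
    if any(src in net for net in ALLOWED_SOURCES):
        return None
    # A non-RFC 1918 source means the PLC is reachable from the internet;
    # an internal one means traffic is bypassing the approved VPN segment.
    internal = any(src in net for net in RFC1918)
    severity = "warning" if internal else "critical"
    return {"src": str(src), "dst": fields.get("DST"), "severity": severity}


def scan(log_text):
    """Collect alerts for every log line that violates the access policy."""
    return [a for a in map(classify, log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```
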