November 29, 2023 at 04:28PM
CISA investigates a cyberattack on a Pennsylvania water authority by suspected Iranian hackers targeting PLCs in US infrastructure. The Municipal Water Authority of Aliquippa switched to manual controls after an attack, causing operational inconvenience but not affecting water quality. Meanwhile, a Texas water district is recovering from a ransomware attack by Daixin Team, with ongoing investigations into stolen sensitive data. CISA advises stronger PLC security measures to prevent compromises.
Meeting Takeaways:
1. Incident Summary:
– CISA is investigating a cyberattack on a Pennsylvania water authority believed to be carried out by Iranian-linked cybercriminals.
– The Municipal Water Authority of Aliquippa, serving roughly 15,000 customers near Pittsburgh, was targeted by a group called Cyber Av3ngers.
– The attack, after Thanksgiving, compromised a Unitronics Vision Series PLC but did not impact the water supply.
– The compromised system was taken offline, with operations switching to manual.
– US water utilities are warned of more attacks targeting programable logic controllers (PLCs).
2. Cyberattack Specifics:
– Cyber Av3ngers took responsibility for the attack and similar ones in Israel, announcing it on Twitter.
– They exploited cybersecurity weaknesses, including inadequate password security and internet exposure.
– Default PLC passwords and specific open ports (TCP port 20256) were used to gain unauthorized access.
3. Security Recommendations:
– Change default passwords, particularly the Unitronics default “1111”.
– Avoid public internet connection for PLCs; if remote access is necessary, use secure methods such as a VPN.
– Implement multi-factor authentication (MFA) across operational technology networks.
– Change the default access port, and consider port obfuscation.
– Back up logic and configurations for quick recovery after incidents like ransomware attacks.
4. Other Incidents:
– The Texas water district was impacted by ransomware from the Daixin Team, which claimed to have stolen sensitive personal data.
– North Texas Municipal Water District has largely restored its network while the phone system repairs are underway.
– Daixin Team has a history of targeting healthcare facilities, including hospitals in Ontario, Canada.
5. Actions Taken:
– The Aliquippa water authority responded with immediate offline switch-over and manual operations.
– The North Texas water district notified law enforcement and engaged security experts.
– The incidents have highlighted the need for enhanced cybersecurity protocols in critical infrastructure sectors.
6. Investigations and Warnings:
– The Cybersecurity and Infrastructure Security Agency (CISA) is actively investigating and issuing warnings.
– Utilities are advised to audit and strengthen their cybersecurity practices to safeguard against further attacks.