SCADAfence Blog

Iranian Hackers Target Water Supply - Prevent Similar Attacks

Written by Michael Yehoshua | May 7, 2020 12:22:00 PM

Iran Launches Cyber Attacks on Israeli Water Facilities

According to a Fox News report, Iranian cyber attackers routed their attacks on Israeli water infrastructure sites through servers located in the United States.

The wide range of Israeli water facilities that were attacked shows that these were systematic hacking attempts by the Iranians. The attempts specifically targeted systems ranging from sewage and chlorine treatment to drinking water wells, and represent a new wave of cyber-related terror attacks aimed at endangering the safety of Israeli civilians.

New Insights on the Water Facility Attacks

Although very little information is available on the recent attacks on Israel’s water facilities, several additional points of interest can be drawn from them:

  • The incidents occurred during the weekend, when the hackers assumed fewer personnel would be monitoring the networks. Today, with the Covid-19 situation, such attacks could be even more harmful to the country's already delicate health care situation.
  • The hackers used password brute-force methods and directed their attacks at water utility devices that were connected to the internet. System administrators who were unable to change their system passwords were instructed to disconnect the devices from the internet until the passwords could be changed.
  • The hackers primarily attacked IIoT devices, which can be found exposed via the Shodan search engine. This emphasizes how simple it is today to reach critical devices, and how rapidly they can be exploited.

The Global Risk Landscape for Water Devices

The risk landscape for water infrastructure is very wide. All water treatment and supply processes are critical and very sensitive to manipulation. By nature, water and sewage systems are highly distributed and contain many unmanned sensors and actuators. Today, during the Covid-19 outbreak, there are even fewer pairs of eyes monitoring these systems than on regular days. To make matters worse, the need for remote access and Internet connectivity is greater than ever.

The easiest way to operate these distributed sensors remotely is to connect them directly to the Internet, transforming them into IoT devices.

But connecting critical equipment to the Internet drastically increases its risk, and this should not be done without proper hardening and security measures.


How to Prevent Similar Hacking Attempts:

  • The first priority is to protect Internet-connected equipment behind modern firewalls and VPN gateways.
  • After that, all network devices should be properly hardened, run the most up-to-date firmware, and use strong authentication mechanisms; a strong password is highly recommended.
  • Enable OT network monitoring that can detect abnormal and malicious activity, with a focus on understanding the industrial application process. Such monitoring immediately reports incidents such as irregular application behavior, intrusive or stop commands sent to OT equipment, out-of-range process values, unusual bandwidth consumption or working hours, unauthorized external access, and any other unusual system behavior.
  • OT network monitoring is available free of charge during the coronavirus crisis, providing immediate protection and risk reduction.
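As an added example (not SCADAfence's code or product), the following Python rule set flags, over constructed device events, the behaviours this post describes: the password brute force against internet-exposed devices and the weekend timing noted earlier, plus the unauthorized external access and out-of-range process values a monitoring system should report. The plant address range, chlorine limits, working hours and failure threshold are assumptions.

```python
from collections import Counter
from datetime import datetime
import ipaddress
import math

# Constructed sample events (timestamp, source IP, event, detail); not real telemetry.
EVENTS = [
    ("2020-04-25T02:10:00", "203.0.113.7", "auth_fail", "user=admin"),
    ("2020-04-25T02:10:03", "203.0.113.7", "auth_fail", "user=admin"),
    ("2020-04-25T02:10:06", "203.0.113.7", "auth_fail", "user=admin"),
    ("2020-04-25T02:10:09", "203.0.113.7", "auth_fail", "user=admin"),
    ("2020-04-25T02:10:12", "203.0.113.7", "auth_fail", "user=admin"),
    ("2020-04-25T02:10:15", "203.0.113.7", "auth_ok", "user=admin"),
    ("2020-04-25T02:11:00", "203.0.113.7", "write", "chlorine_setpoint_mg_l=9.5"),
    ("2020-04-27T09:00:00", "10.20.0.5", "write", "chlorine_setpoint_mg_l=1.2"),
]

# Assumed site policy: the plant's own address space, engineering limits for a
# process tag, normal working hours, and the failed-login count that triggers an alert.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
PROCESS_LIMITS = {"chlorine_setpoint_mg_l": (0.2, 4.0)}
WORK_HOURS = range(7, 19)  # 07:00-18:59, Monday to Friday
BRUTE_FORCE_THRESHOLD = 5


def is_external(ip: str) -> bool:
    """True when the source address is outside the plant network."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def analyse(events):
    """Return (alert_kind, source_ip, timestamp) tuples for the rules above."""
    alerts, fails = [], Counter()
    for ts, ip, event, detail in events:
        when = datetime.fromisoformat(ts)
        off_hours = when.weekday() >= 5 or when.hour not in WORK_HOURS
        if event == "auth_fail":
            fails[ip] += 1
            if fails[ip] == BRUTE_FORCE_THRESHOLD:  # fire once per source
                alerts.append(("brute_force", ip, ts))
            continue
        # Successful logins and writes: check origin, timing and process limits.
        if is_external(ip):
            alerts.append(("unauthorized_external_access", ip, ts))
        if off_hours:
            alerts.append(("off_hours_activity", ip, ts))
        if event == "write":
            tag, value = detail.split("=")
            low, high = PROCESS_LIMITS.get(tag, (-math.inf, math.inf))
            if not low <= float(value) <= high:
                alerts.append(("out_of_range", ip, ts))
    return alerts
```

Running `analyse(EVENTS)` yields six alerts, all from the external address, while the weekday write from the plant network produces none.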


How Organizations Can Manage Their Risk Levels in this New Wave of Cyber-Attacks

To properly manage risk levels and stay in control during potential incidents, organizations are recommended to implement the following organizational practices:

  • Perform security and penetration tests on industrial equipment before exposing it to the Internet.
  • Implement a central IoT security orchestration solution able to handle a large inventory of distributed devices from multiple vendors with limited security and management interfaces.
  • Set clear incident handling procedures and install automatic mechanisms that respond to possible attack attempts quickly and automatically, such as blocking unsolicited IPs or temporarily disconnecting equipment from the Internet.
  • Put a governance solution in place that tracks security implementation levels across the entire remote-site infrastructure and provides management with risk metrics, based on real system behavior data, for risk planning.


Water Facilities are Just the Tip of the Iceberg

Although water facilities were the first to be attacked in Israel, many more cyber attacks on utilities could follow.

These include industrial espionage, shutting down refrigerators in supermarkets and medical lab networks, spying on gas stations, damaging water dams, disabling critical manufacturing plants, and even causing explosions. These are some of the additional cybersecurity dangers that could come next if critical organizations are not extra vigilant.

It’s always recommended to stay ahead of cyber attackers and take a proactive approach. We’re here to help your organization with that by offering our award-winning platform for free during these challenging times.