Monday, December 23, 2024
Homecyber securityHackers Exploiting PLC Controllers In US Water Management System To Gain Remote...

Hackers Exploiting PLC Controllers In US Water Management System To Gain Remote Access

Published on

SIEM as a Service

A joint Cybersecurity Advisory (CSA) warns of ongoing exploitation attempts by Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors using the online persona “CyberAv3ngers.” 

These actors are targeting and compromising Unitronics Vision Series programmable logic controllers (PLCs), specifically those manufactured by the Israeli company Unitronics.

Water and Wastewater Systems (WWS) are among the many critical infrastructure sectors that have adopted these PLCs for widespread deployment. 

- Advertisement - SIEM as a Service

Their applications are not limited to WWS; they are also utilized in other sectors, such as the energy industry, the food and beverage manufacturing industry, and healthcare facilities. 

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

The concerning aspect of this targeting is that these PLCs, along with other associated controllers, are frequently exposed to the internet for remote control and monitoring purposes.

The user interface (UI) of the PLCs that were targeted appears to be the primary focus of the compromise that has been reported, which could potentially render them inoperable. 

By gaining access to these controllers, the actors could disrupt critical processes overseen by the PLCs, potentially leading to significant consequences depending on the targeted infrastructure.

The CSA urges organizations utilizing Unitronics Vision Series PLCs to implement a layered cybersecurity approach to mitigate these exploitation attempts, which includes segmenting networks to isolate PLCs from internet connectivity whenever possible. 

If remote access is necessary, organizations should utilize secure remote access solutions with multi-factor authentication (MFA) and maintain updated firmware on PLCs associated with control systems. 

Patching known vulnerabilities promptly is crucial to minimize the attack surface and implement network segmentation to restrict access to PLCs only to authorized personnel and devices.

Employ strong passwords enforce password rotation policies for accounts with access to PLCs and monitor network activity for anomalous behavior that might indicate unauthorized access attempts. 

By following these defensive measures, organizations can significantly reduce the risk of successful compromise by IRGC-affiliated cyber actors or any other malicious threat actor targeting their critical infrastructure.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Latest articles

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...

Lazarus Hackers Using New VNC Based Malware To Attack Organizations Worldwide

The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware

Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer...

BellaCiao, A new .NET Malware With Advanced Sophisticated Techniques

An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the...

Malicious Apps On Amazon Appstore Records Screen And Interecpt OTP Verifications

A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store,...