TLDR
• The hacktivist group known as the Cyber Av3ngers recently targeted and compromised the operational technology (OT) assets of a municipal water authority in Pennsylvania.
• The group exploited weak password practices and unsecured internet connections to gain access to the organization’s programmable logic controllers (PLCs).
• The attack demonstrated the potential dangers of such groups and the vulnerabilities that exist in industrial control systems (ICS).
The Iran-affiliated hacktivist group, Cyber Av3ngers, has recently made headlines for its attack on a Pennsylvania municipal water authority. This attack, which compromised the organization’s OT assets, serves as a reminder of the potential dangers posed by hacktivist groups and the vulnerabilities that exist in industrial control systems (ICS).
The Cyber Av3ngers group, known for its anti-Israel stance, used basic techniques to scan the internet, identify devices made by Israel-based Unitronics, and gain access using default credentials that were never changed during implementation. By gaining access to the PLCs, the group could have had unlimited control over the water supply and other critical operational systems.
Fortunately, the water authority was able to identify the attack quickly and shut down the PLCs before any significant damage occurred. However, several other users of Unitronics PLCs, including U.S. breweries, were forced to shut down operations until a solution was provided. This incident highlights the potential threat that hacktivist groups like Cyber Av3ngers present to critical infrastructure and the need for improved cybersecurity measures.
In response to the vulnerability exposed by this attack, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued guidelines for securing PLCs. These guidelines include changing default passwords, implementing multifactor authentication, disconnecting PLCs from the internet, and updating to the latest versions provided by manufacturers like Unitronics.
Marty Edwards, deputy CTO for OT and IoT at Tenable, a leading industrial cybersecurity solutions provider, believes that the active exploitation of Unitronics PLCs is evidence that industrial security needs significant improvements. He emphasizes the importance of basic cybersecurity hygiene and the need for government regulation to ensure the cyber safety of public services.
Overall, the Cyber Av3ngers attack serves as a watershed moment for ICS security. It demonstrates the potential threat posed by hacktivist groups and the urgent need for improved cybersecurity measures to protect critical infrastructure.