An Iranian hacking group gained passage to an unsafe Israeli water facility ICS. The hackers also posted the video on the internet to show the credibility of the attack. Experts from OTORIO, an industrial cybersecurity firm, informed an Iranian hacking group hacked into the HMI (human-machine interface). Taking advantage of the insecure HMI system, hackers gained access and later posted the video.
In the video published on December 1, 2020, the hackers claim an attack on a recycled water facility in Israel. “The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access. Furthermore, at the publication time, the system did not use any authentication method upon entry. It gave the attackers easy access to the design and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature, and more. All the adversaries needed was a connection to the world-wide-web and a web browser,” reports the OTORIO blog post.
By gaining access, it might have let the hackers communicate with the water facility’s process. For this, the hackers may have modified the parametric values like temperature and water pressure. The administrators secured the system on December 2; however, the system was still unprotected online. OTORIO says, “however, the system is still accessible through the internet without any barrier. Although this may prevent unskilled adversaries from accessing the system, those with a minimal toolbox can most likely compromise the system.”
As of now, experts don’t know if the attack caused any damage. Cybersecurity experts believe the hacking group behind the attack is “Unidentified Team,” which posted the video on its Telegram channel. The group has also attacked other institutes in the past, including American educational websites. “In the Israeli reservoir case, even minimal steps, such as authentication and restricting access, were not taken. This led to an easy compromise of the system. To fully protect SCADA devices, a more active approach should be applied. This includes secure remote access (e.g., VPN), access restriction based on Firewall rules, and active defense-in-depth methods,” says OTORIO.
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.