Hackers Attack Israel’s Water Infrastructure

The Israeli government says that hackers have targeted its water supply and treatment facilities and has issued an alert to all organisations in the water sector following a series of cyber-attacks aimed at water facilities. 

According to news published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place.

The Israeli government has issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky. The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army, the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets they claim to have hacked.

On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems.

Organisations in the water and energy sectors have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.
There are a number of potential options for this initial access breach. 

Most local water supply and waste-water facilities are small sites and most of them are connected via cellular-based communication to the Internet for maintenance and other purposes. These cellular routers are rarely hardened in terms of password control, disabling unsecure management interfaces and facing public IP address. So, it is believed that that cyber-criminal activity had been conducted remotely by scanning for known vulnerabilities, open ports, and exploiting weak or default passwords.

According to local media reports, the attacks targeted facilities across the country and Israel’s Water Authority claimed the attacks did not cause any operational damage. Organisations have been advised to immediately report incidents that result in disruption. 

Hackers targeting water and other vital utilities is a rel threat and experts have issued warnings that internet-exposed industrial control systems (ICS) often leave such facilities at risk.

Times of Israel:      radiflow:       ZDNet:      Security Week:        

You Might Also Read: 

Selecting The Right SCADA Technology:

 

 



 

 

« British Government Advice Threatens Your Cyber Security
Effective Cyber Security Training Using The GoCyber App »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ANS Group

ANS Group

ANS are a strong team of straight-talking tech and business experts. Our mission is to make digital transformation accessible to all.

CircleCI

CircleCI

CircleCI’s platform allows developers to rapidly release code (for web and mobile apps) they trust by automating the build, test, and deploy process.

Decision Group

Decision Group

Decision Group are a Total Solution Supplier offering Network Forensics and Lawful Interception tools.

RevenueStream

RevenueStream

RevenueStream uses an innovative algorithmic approach to intercept and prevent payment fraud before it even happens.

Computer Forensics Consult (CFC)

Computer Forensics Consult (CFC)

Computer Forensics Consult provides disaster recovery, computer forensics, electronic discovery and litigation support services in the growing area of Cyber Security.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

Bright Pixel Capital

Bright Pixel Capital

Bright Pixel Capital is a venture capital company with a focus on Cybersecurity, Retail Technologies, Digital Infrastructure and Emerging Technologies.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.