Hackers Attack Israel’s Water Infrastructure

Uploaded on 2020-05-04 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities

The Israeli government says that hackers have targeted its water supply and treatment facilities and has issued an alert to all organisations in the water sector following a series of cyber-attacks aimed at water facilities. 

According to news published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place.

The Israeli government has issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky. The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army, the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets they claim to have hacked.

On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems.

Organisations in the water and energy sectors have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.
There are a number of potential options for this initial access breach. 

Most local water supply and waste-water facilities are small sites and most of them are connected via cellular-based communication to the Internet for maintenance and other purposes. These cellular routers are rarely hardened in terms of password control, disabling unsecure management interfaces and facing public IP address. So, it is believed that that cyber-criminal activity had been conducted remotely by scanning for known vulnerabilities, open ports, and exploiting weak or default passwords.

According to local media reports, the attacks targeted facilities across the country and Israel’s Water Authority claimed the attacks did not cause any operational damage. Organisations have been advised to immediately report incidents that result in disruption. 

Hackers targeting water and other vital utilities is a rel threat and experts have issued warnings that internet-exposed industrial control systems (ICS) often leave such facilities at risk.

Times of Israel:      radiflow:       ZDNet:      Security Week:        

You Might Also Read: 

Selecting The Right SCADA Technology:

 

 



 

 

« British Government Advice Threatens Your Cyber Security
Effective Cyber Security Training Using The GoCyber App »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Atempo

Atempo

Atempo is a leading independent European-based software vendor with a global presence. We provide solutions to protect, store, move and recover all your data.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

Cequence Security

Cequence Security

Cequence, a pioneer in API security and bot management, is the only solution that delivers Unified API Protection (UAP), uniting discovery, compliance, and protection.

TOAE Security

TOAE Security

TOAE Security is a trusted cyber security consulting partner helping today's leading organizations protect their most important assets from evolving cyber threats.

LSoft Technologies

LSoft Technologies

LSoft Technologies is a leader in data recovery software technologies.

Wolf Hill Group

Wolf Hill Group

Wolf Hill Group, a Slone Partners company, is a national recruitment firm focused on Cybersecurity.

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

RevBits

RevBits

RevBits provides high-performance cybersecurity solutions including email security, endpoint security, deception technology and PAM solution to enterprise companies and public sector organizations.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

Conversant Group

Conversant Group

Conversant Group is an IT infrastructure and security consulting company, providing technical, organizational, procedural, and process consulting internationally.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

Grindstone Ventures

Grindstone Ventures

Grindstone Ventures is a post-seed fund that supports post-seed equity and quasi-equity investments in early-stage innovation-driven and/or technology companies.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.