Hackers Attack Israel’s Water Infrastructure

Uploaded on 2020-05-04 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Production-Utilities

The Israeli government says that hackers have targeted its water supply and treatment facilities and has issued an alert to all organisations in the water sector following a series of cyber-attacks aimed at water facilities. 

According to news published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place.

The Israeli government has issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky. The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army, the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets they claim to have hacked.

On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems.

Organisations in the water and energy sectors have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.
There are a number of potential options for this initial access breach. 

Most local water supply and waste-water facilities are small sites and most of them are connected via cellular-based communication to the Internet for maintenance and other purposes. These cellular routers are rarely hardened in terms of password control, disabling unsecure management interfaces and facing public IP address. So, it is believed that that cyber-criminal activity had been conducted remotely by scanning for known vulnerabilities, open ports, and exploiting weak or default passwords.

According to local media reports, the attacks targeted facilities across the country and Israel’s Water Authority claimed the attacks did not cause any operational damage. Organisations have been advised to immediately report incidents that result in disruption. 

Hackers targeting water and other vital utilities is a rel threat and experts have issued warnings that internet-exposed industrial control systems (ICS) often leave such facilities at risk.

Times of Israel:      radiflow:       ZDNet:      Security Week:        

You Might Also Read: 

Selecting The Right SCADA Technology:

 

 



 

 

« British Government Advice Threatens Your Cyber Security
Effective Cyber Security Training Using The GoCyber App »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Fox-IT

Fox-IT

Fox-IT prevents, solves and mitigates the most serious cyber threats with smart solutions for governmental bodies, defense, law enforcement, critical infrastructure, banking and large enterprises.

Qubitekk

Qubitekk

Qubitekk has developed quantum cryptography solutions for the machine-to-machine (M2M) communications market.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Netlawgic Legal Services

Netlawgic Legal Services

Netlawgic is exclusively focused on delivering cyber law solutions to the industry. We provide our clients with specialized attention and problem solving in all aspects of cyber law.

Cyber Threat Defense (CT Defense)

Cyber Threat Defense (CT Defense)

CT Defense specialize in penetration testing and security assessments.

Plug and Play Tech Center

Plug and Play Tech Center

Plug and Play is the ultimate innovation platform, bringing together the best startups and the world’s largest corporations.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

CYSIAM

CYSIAM

CYSIAM provides world-leading expertise in offensive security and critical incident response. We train our clients to be able to protect themselves and respond to attacks and breaches when they occur.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

Interactive

Interactive

Interactive are a leading Australian IT service provider with services in Cloud, Cyber Security, Data Centres, Business Continuity, Hardware Maintenance, Digital Workplace, and Networks.

ActiveFence

ActiveFence

ActiveFence enables Trust & Safety teams to be proactive about online integrity so they can keep their users safe from online harm – across content formats, languages, and abuse areas.

Logiq Consulting

Logiq Consulting

Logiq Consulting provide a full range of Cyber Security, Information Assurance and System Engineering services.

Merkle Science

Merkle Science

Merkle Science provides next generation risk mitigation, compliance and forensics for crypto-native businesses, DeFi participants, financial institutions & government agencies.