Hackers Attack Israel’s Water Infrastructure

The Israeli government says that hackers have targeted its water supply and treatment facilities and has issued an alert to all organisations in the water sector following a series of cyber-attacks aimed at water facilities. 

According to news published by Israel’s National Cyber Directorate, the attacks targeted supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.

In a security alert sent by the Israeli National Cyber-Directorate (INCD), the agency is urging personnel at companies active in the energy and water sectors to change passwords for all internet-connected systems. If passwords can't be changed, the agency recommended taking systems offline until proper security systems can be put in place.

The Israeli government has issued these alerts in an attempt to improve the cyber-security posture of its industrial infrastructure, but also after it received a report from cyber-security firm ClearSky. The company is said to have identified an Islamic hacktivist group active on social media. Named the Jerusalem Electronic Army, the group has a presence on all major social networks, such as Facebook, Instagram, WhatsApp, Twitter, and Telegram, where it often posts screenshots from targets they claim to have hacked.

On some of these sites, the group has claimed to have gained access to various Israeli universities and government systems.

Organisations in the water and energy sectors have been advised to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date.
There are a number of potential options for this initial access breach. 

Most local water supply and waste-water facilities are small sites and most of them are connected via cellular-based communication to the Internet for maintenance and other purposes. These cellular routers are rarely hardened in terms of password control, disabling unsecure management interfaces and facing public IP address. So, it is believed that that cyber-criminal activity had been conducted remotely by scanning for known vulnerabilities, open ports, and exploiting weak or default passwords.

According to local media reports, the attacks targeted facilities across the country and Israel’s Water Authority claimed the attacks did not cause any operational damage. Organisations have been advised to immediately report incidents that result in disruption. 

Hackers targeting water and other vital utilities is a rel threat and experts have issued warnings that internet-exposed industrial control systems (ICS) often leave such facilities at risk.

Times of Israel:      radiflow:       ZDNet:      Security Week:        

You Might Also Read: 

Selecting The Right SCADA Technology:

 

 



 

 

« British Government Advice Threatens Your Cyber Security
Effective Cyber Security Training Using The GoCyber App »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Alsid

Alsid

Alsid helps corporates to anticipate attacks by detecting breaches before hackers can exploit them.

Blackbird.AI

Blackbird.AI

Blackbird.AI provides an intelligence and early-warning system to help users detect disinformation and take action against threats.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

Speedinvest

Speedinvest

Speedinvest is one of Europe’s most active early-stage investors with a focus on Deep Tech, Fintech, Industrial Tech, Network Effects, and Digital Health.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

D2 Network Associates (D2NA)

D2 Network Associates (D2NA)

D2NA help businesses deliver and achieve their goals, through innovative IT solutions, robust cyber security services and proactive IT managed services.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.