Tag Archive for: Utility

Almost 37K impacted by Iowa utility ransomware attack


Iowa-based water, electricity, and internet service provider Muscatine Power and Water had data from 36,995 of the town’s more than 50,000 residents compromised following a ransomware attack in late January, which no threat operation has since claimed, reports The Record, a news site by cybersecurity firm Recorded Future.

Attackers infiltrated Muscatine Power and Water’s corporate network environment and obtained access to individuals’ names and Social Security numbers, as well as the customer proprietary network information associated with their telephone service subscriptions, the utility said in breach notification letters. While there has been no evidence suggesting any identity theft stemming from the incident, impacted individuals are being given free credit monitoring services for a year. This comes weeks after the utility disclosed that the attack resulted not only in an eight-hour-long interruption of internet services but also in a days-long disruption of business services, even though no critical control systems were affected.


CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack


After hackers compromised an industrial control system (ICS) at a water utility in the United States, the cybersecurity agency CISA issued an alert over the exploitation of the targeted device.

The target of the attack was the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed that hackers took control of a system associated with a station where water pressure is monitored and regulated, but said there was no risk to the water supply or drinking water.

Based on publicly available information, the hackers targeted a Unitronics Vision system, which is a programmable logic controller (PLC) with an integrated human-machine interface (HMI).

A hacktivist group called Cyber Av3ngers, known to be anti-Israel and possibly linked to Iran, has taken credit for the attack, apparently targeting the Israel-made Unitronics PLC. 

Unitronics Vision products have been known to be affected by critical vulnerabilities that could expose devices to attacks. However, HMIs are often accessible from the internet without authentication, making them an easy target even for low-skilled threat actors. 

In the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”. 

This statement suggests that the attackers likely leveraged the fact that the device was insecurely configured, rather than exploiting an actual vulnerability. This would not be surprising for a hacktivist group as these types of threat actors mostly target low-hanging fruit and do not waste time and energy creating sophisticated exploits.  

In order to protect their Unitronics PLCs against potential attacks, organizations have been urged by CISA to change the default ‘1111’ password, require multi-factor authentication for remote access to OT systems, ensure that the controller is not directly exposed to the internet, create backups for the PLC’s logic and configuration in case it gets compromised, change the default port, and update the device to the latest version.

Such PLCs are used by organizations in the…


Another Progress Software file transfer utility vulnerable


Progress Software, whose MOVEit file transfer software was the vector for a variety of attacks earlier this year, has disclosed critical vulnerabilities in another package – and one is already being exploited.

CVE-2023-40044 was discovered by two researchers from Assetnote, Shubham Shah and Sean Yeoh.

On October 1, they wrote that Progress Software’s WS_FTP package has a deserialisation vulnerability that affects “the entire Ad Hoc Transfer component” of the package.

In its advisory, Progress Software said: “In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialisation vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.”

However, Shah and Yeoh claimed that “the vulnerability could be triggered without any authentication”.

Assetnote said its scans revealed nearly 3000 hosts on the internet that matched the conditions for exploitation – they are running WS_FTP and they have an accessible web server, and most “belong to large enterprises, governments and educational institutions”.

Progress Software disclosed a number of other vulnerabilities in its advisory, including CVE-2023-42657, a critical-rated directory traversal bug that allows attackers to perform file operations (including deleting and renaming files and directories) on locations on the underlying operating system.


Video US hunts Chinese software planted malware in key utility systems: Report – ABC News


