Tag Archive for: Water

Iranian Hacking Group Attacks Pennsylvania Water Authority

/in


CISA Investigating Iranian Hacking Group Attack on Pennsylvania Water Authority

Chris Riotta (@chrisriotta) •
November 28, 2023    

Iranian Hacking Group Attacks Pennsylvania Water Authority
Iranian threat actors launched a cyberattack against the Municipal Water Authority of Aliquippa. (Image: MWAA)

The U.S. Cybersecurity and Infrastructure Security Agency is investigating a cyberattack from an Iranian hacking group known as “Cyber Av3ngers” that targeted a small municipal water authority in Pennsylvania over its use of Israeli-owned software, according to officials.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The Municipal Water Authority of Aliquippa confirmed it had been the subject of a breach Saturday that shut down a supply pump providing drinking water to multiple municipalities, including a town in the Pittsburgh metropolitan area with nearly 3,000 residents, according to U.S. Census data.


The water authority uses pressure-monitoring equipment developed by the Israeli technology company Unitronics. When the attack occurred, a small Unitronics device in the Pennsylvania facility flashed a bright red message that read: “You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is Cyber Av3ngers legal target.”


The intrusion triggered alerts to the U.S. Department of Homeland Security and sent on-call municipal workers scrambling during the holiday weekend to shut down automated systems and conduct manual operations.


Robert Bible, a Pittsburgh-area water authority official, told media outlets that local water service was not disrupted and water quality remained unaffected from the incident.

The attack is one of a handful of known cyberattacks on American water systems. The Biden administration earlier this year attempted to use existing regulatory authorities to force water systems into evaluating their cybersecurity risk, but it backed off in the face of a court ruling staying the…

Source…

US-Canada water org confirms ‘cybersecurity incident’ after ransomware crew threatens leak • The Register

/in


The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.

“The International Joint Commission has experienced a cybersecurity incident, and we are working with relevant organizations to investigate and resolve the situation,” a spokesperson for the org told The Register.

The spokesperson declined to answer specific questions about what happened, or confirm the miscreants’ data theft claims.

IJC is a cross-border water commission tasked with approving projects that affect water levels of the hundreds of lakes and rivers along the US-Canada border. It also resolves disputes over waters shared between the two countries. 

On September 7, the NoEscape ransomware crew listed IJC as a victim on its dark-web site, and claimed it breached the commission’s network, and then stole and encrypted a flood of confidential data. This info, according to the crooks, included contracts and legal documents, personal details belonging to employees and members, financial and insurance information, geological files, and “much other confidential and sensitive information.”

The cyber-crime gang has given the IJC ten days to respond to its ransom demand, or it may make the swiped info public. 

“If management continues to remain silent and does not take the step to negotiate with us, all data will be published,” the NoEscape leak notice threatened. “We have more than 50,000 confidential files, and if they become public, a new wave of problems will be colossal. For now, we will not disclose this data or operate with it, but if you continue to lie further, you know what awaits you.”

The IJC spokesperson contacted by The Register declined to comment on the ransom demand or if the commission would pay.

Who is NoEscape?

NoEscape is a ransomware-as-a-service operation that appeared in May and takes a double-extortion approach. That means instead of simply infecting victims’ machines with malware, encrypting their files and demanding a ransom to release the data, the crooks first steal the files before locking them up. They threaten to…

Source…

CISA announces free security scans for public water utilities

/in


The U.S. Cybersecurity and Infrastructure Security Agency is offering free security scans for critical infrastructure facilities, such as water utilities, to help protect them from cyberattacks.

The midweek announcement comes as water treatment facilities across the country have suffered from rising security threats over the past two years, including a recent attempt to compromise the safety and protection systems of the water treatment facility in Discovery Bay, California, by a former employee of one of the plant’s vendors.

In 2021, CISA and other agencies, including the FBI, Environmental Protection Agency and National Security Agency, issued a joint advisory report documenting the ongoing cybersecurity vulnerabilities in water systems nationwide, which “threaten their ability to provide potable water and effectively manage their wastewater.”

Drinking water and wastewater systems often offer public-facing applications that can be vulnerable to attack, potentially disrupting or halting operations.

CISA agents run specialized scanners to identify a facility’s vulnerabilities and weak configurations in internet-exposed endpoints, commonly used for initial access by threat actors and some ransomware groups.

Depending on the severity of flaws and vulnerabilities found, reports are generated within one to six days. The federal agency sends weekly reports with recommendations, while further scans determine if the water utilities have taken the steps to solve previously disclosed issues.

CISA’s new no-cost scanning program was co-developed with the EPA, the Water Sector Coordinating Council and the Association of State Drinking Water Administrators. CISA encouraged all drinking water and wastewater system operators to enroll in the service.

In the announcement, CISA said it aims to significantly reduce identified vulnerabilities in the first few months of security scans.

Source…

Former Contractor Employee Charged for Hacking California Water Treatment Facility

/in


A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software.

The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. 

Gallo worked for a company contracted by the town of Discovery Bay in California to operate its water treatment facility, which serves 15,000 residents. 

He worked at the company between 2016 and the end of 2020, and during this time he allegedly installed software that allowed him to access the facility’s systems from his personal computer. 

After he resigned in January 2021, he used that remote access software to enter the water facility’s systems and “transmitted a command to uninstall software that was the main hub of the facility’s computer network and that protected the entire water treatment system, including water pressure, filtration, and chemical levels,” according to a press release from authorities in the Northern District of California. 

Gallo faces up to 10 years in prison and a $250,000 fine. 

It’s not uncommon for water facilities to be targeted, including by former employees. One of the most well-known incidents involves the water plant in Oldsmar, Florida. While initially it was believed that malicious hackers had tried to poison the water supply, recent reports said the incident did not involve any hacking and it may have actually been the result of human error. 

Advertisement. Scroll to continue reading.

Related: US Says National Water Supply ‘Absolutely’ Vulnerable to Hackers

Related: Former Ubiquiti Employee Who Posed as Hacker Sentenced to Prison

Related: Former Cisco Employee Sentenced to Prison for Webex Hack

Related: Bipartisan Bill Proposes Cybersecurity Funds for Rural Water Systems

Source…