Water Systems Sitting Ducks As Cyberattacks Expose Infrastructure Vulnerabilities
Washington D.C. – A sinister hacking collective with ties to Iran has compromised multiple organizations across the U.S. by exploiting security flaws in an Israeli-made industrial control system, federal cybersecurity officials revealed Friday.
The Cybersecurity and Infrastructure Security Agency (CISA) reported that hacking outfit “CyberAv3ngers” has actively targeted facilities using Unitronics programmable logic controllers. The Iran-linked group has overwritten display screens with anti-Israel propaganda upon accessing the devices.
While Unitronics controllers see predominant use in water treatment infrastructure, CISA warned energy companies, food producers, and healthcare organizations have also fallen prey. The agency said the devices were left exposed on the public internet with unchanged default passwords.
So far intrusions have impacted less than 10 water utilities, according to CNN. But the attacks reveal sobering vulnerabilities as scores of municipal systems rely on such Israeli-made tech.
The disclosure follows a CyberAv3ngers’ breach of the municipal water system in Aliquippa, PA on November 25th. Though officials maintained the town’s water remains safe, the incident exposed how susceptible critical sites are to virtual sabotage.
“If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States,” Pennsylvania lawmakers wrote in a letter asking the Justice Department to fully investigate the spate of infrastructure cyberattacks.
The episodes further illustrate the shadowy cyberwar still raging between Israel and Iran alongside their conflict on the ground. Experts say over 150 hacking collectives aligned to both sides continually seek to leak data, disrupt companies, and even collect user information to enable future attacks.
Faced with the widening cyber threat, Israeli parliament granted new emergency powers allowing the government to intervene if cloud computing and data storage firms fall victim to hackers. But U.S. infrastructure remains alarmingly exposed as Iranian operatives like CyberAv3ngers rifle through computer systems managing resources fundamental to public health and safety.
The attacks should serve as an urgent call to action for admins to update login credentials on devices networked to water purification, power grids, and other critical sites. Though no catastrophic disruptions have hit yet, officials admit that as hackers become more sophisticated, preventing intrusions will only get harder. For now, the door remains perilously ajar.
Image by jcomp on Freepik
As Editor-in-Chief of Southwick News, Dhruv Patel combines his background in computer science from UC Berkeley with his Stanford journalism training to pioneer innovative approaches to digital news delivery.