An Iranian hacking group gained access to an unprotected industrial control system (ICS) at an Israeli water facility. According to experts, the group took advantage of the facility's insecure human-machine interface (HMI) system to get in. The hackers later posted a video on the internet to show the credibility of the attack.
The reservoir’s HMI system was connected directly to the internet, without any security appliance defending it or limiting access. Furthermore, at the time of publication, the system did not use any authentication method upon entry. This gave the attackers easy access to the design and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature, and more. All the adversaries needed was a connection to the World Wide Web and a web browser.
Gaining access might have let the hackers communicate with the water facility’s process. In doing so, they may have modified parametric values such as temperature and water pressure. The administrators secured the system on December 2; however, the system was still unprotected online. OTORIO says, “however, the system is still accessible through the internet without any barrier. Although this may prevent unskilled adversaries from accessing the system, those with a minimal toolbox can most likely compromise the system.”
As of now, experts don’t know whether the attack caused any damage. Cybersecurity experts believe the hacking group behind the attack is “Unidentified Team,” which posted the video on its Telegram channel. In the Israeli reservoir case, even minimal steps, such as authentication and restricting access, were not taken, which led to an easy compromise of the system. To fully protect SCADA devices, a more active approach should be applied. This includes secure remote access, access restriction based on firewall rules, and active defense-in-depth methods.