An Iran-linked hacking group called CyberAv3ngers has attacked multiple U.S. water treatment facilities for using an Israeli-made computer system. The group took control of video screens with the message, “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The attack spanned multiple states, affecting about ten facilities. The compromised control machines were disabled, but the water supply was unaffected.

Why Did CyberAv3ngers Attack U.S. Infrastructure?

In this particular instance, the United States is just a bystander. The attack was aimed at Israeli-made equipment, not at the U.S. specifically. Any country that owns this equipment is a potential victim. It isn’t uncommon for allies of a nation in conflict to be ancillary targets.

At the same time, it’s not a stretch to imagine that the attackers cherry-picked the United States because of the notoriety and media attention the attacks would receive.

Fortunately, the attackers were merely seeking to disrupt Israeli-made equipment. They weren’t attempting to shut down the water supply. If CyberAv3ngers’ goal had been more destructive, the attack could have been disastrous.

For example, if the control devices have safety limits, CyberAv3ngers could have altered or turned off those limits. For the systems that were attacked, the critical infrastructure itself could have been damaged or possibly destroyed.

U.S. Infrastructure Is Vulnerable

Infrastructure control systems in the U.S. have many components that are relatively old, and the people who know how to manage and maintain the equipment are retiring. Critical knowledge is being lost. To replace and modernize the equipment would be astronomically expensive. It would involve water supply and water treatment, traffic control, gas, electrical grids, railroads, and more — for every community in the country.

All this means that it isn’t easy for critical infrastructure entities to go in and quickly make necessary changes to fortify their security stance. Businesses can move much more nimbly to protect themselves.

It’s a challenging problem that critical infrastructure faces, and this relatively minor CyberAv3ngers attack should serve as a wake-up call.

That said, there are basic security hygiene improvements that can be easily made. For example, all of these attacks occurred because the facilities were still using the default, factory-installed passwords. Simply setting a strong, unique password could have prevented these particular attacks from CyberAv3ngers. This is Security Compliance 101.

Are You Vulnerable to a CyberAv3ngers Breach?

Certainly, there are lessons to be learned. It’s always important to be cognizant of your affiliations in relation to world conflict. This recent attack is a clear example of the kinds of attacks that can occur if a nation or an organization is associated with a certain political entity.

It’s a good idea to keep an eye on the world stage and to consider any ripple impacts that could potentially occur if your organization is in any way associated with an involved party. You might own equipment that was built by one of those parties, or you could have a vendor who is directly or indirectly associated with a party.

Build that exercise into your business continuity and disaster recovery planning. Be thoughtful, be prepared, but don’t panic. If you’re doing your due diligence to protect your organization, you’re already placing yourself in an improved position.

Your Organization Could Be in Danger, If…

If your organization isn’t already taking cybersecurity seriously and holding itself to robust compliance standards, you’re at risk. A tremendous number of companies are in denial or simply don’t know what they should be doing. They may think they couldn’t be a target because they’re too small or they don’t have anything of value.

The fact is, your organization is in danger. Attackers don’t target big companies or billion-dollar organizations exclusively. Their attacks are often random, and small businesses are getting hit just like global enterprises.

When it comes to politically motivated attacks, anyone associated with “the enemy” is considered a legitimate target in the attacker’s eye. 

The most sophisticated and destructive cyberattacks are those sponsored by nation states. You don’t want to get caught in those crosshairs. Be prepared. Make it your top priority to get your company compliant with a security standard, before it’s too late.

Need help figuring out your first steps toward a solid cybersecurity stance? Total Compliance Tracking can help you get there. We have the resources you need, and we can refer you to amazing Consultants and Assessors as well.

