Hackers successfully breached a water utility’s control system

March 24, 2016

Hackers successfully breached a water utility’s control system and managed to change the critical levels of the chemicals being used to treat drinking water.

The incident, against a company in an unspecified country referred to by the pseudonym "Kemuri Water Company", was included in this month’s breach report from Verizon Security Solutions.

A so-called hacktivist group with ties to Syria successfully infiltrated the Kemuri Water Company’s system after exploiting unpatched internet security vulnerabilities in its internet-facing customer payment portal.

The attack, which involved SQL injection and phishing, critically exposed KWC's aging IBM AS/400-based operational control system because login credentials for the AS/400 were stored on the front-end web server.

This system, which was connected to the internet, managed programmable logic controllers (PLCs) that regulated water valves and ducts that controlled the flow of water and chemicals used to treat it through the system.

A team of computer security forensic experts from Verizon subsequently concluded that many critical IT and operational technology functions ran on a single AS/400 system.

Our endpoint forensic analysis revealed a linkage with the recent pattern of unauthorized crossover. Using the same credentials found on the payment app webserver, the threat actors were able to interface with the water district’s valve and flow control application, also running on the AS400 system.

We also discovered four separate connections over a 60-day period, leading right up to our assessment.

During these connections, the threat actors modified application settings with little apparent knowledge of how the flow control system worked.

In at least two instances, they managed to manipulate the system to alter the amount of chemicals that went into the water supply and thus handicap water treatment and production capabilities so that the recovery time to replenish water supplies increased. Fortunately, based on alert functionality, KWC was able to quickly identify and reverse the chemical and flow changes, largely minimizing the impact on users. No clear motive for the attack was found.

To be sure, Verizon's RISK Team uncovered evidence that the hacktivists had manipulated the valves controlling the flow of chemicals twice, though fortunately to no particular effect. It seems the activists lacked either the knowledge of SCADA systems or the intent to do any harm.

The same hack attack also resulted in the exposure of personal information of the utility’s 2.63 million customers. There’s no evidence that this has been monetised or used to commit fraud, at least not yet.

Nonetheless, the whole incident highlights the weaknesses in securing critical infrastructure systems, which often rely on legacy, outdated or very insecure setups.

Monzy Merza, Splunk’s director of cyber research and chief security evangelist, commented: “Dedicated and opportunistic attackers will continue to exploit low-hanging fruit present in outdated or unpatched systems. We continue to see infrastructure systems being targeted because they are generally under-resourced or believed to be out of sync with today's reality on the inter-connected world we now live in.”

“Beyond the clear need to invest in intrusion detection, prevention, patch management and analytics-driven security measures, this security breach underscores the importance of actionable intelligence. Reports like Verizon’s are important sources of insight. Organizations must leverage this information to collectively raise the bar in security to better detect, prevent and respond to advanced attacks. Working collectively is our best route to getting ahead of attackers,” he added.

Reports that hackers have successfully breached water treatment plants are rare but not unprecedented, and will most likely escalate given today's insecure terrorist environment.

For example, screenshots posted online in November 2011 by hackers who claimed to have breached its systems purported to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas.

The claim followed attempts by the U.S. Department of Homeland Security to dismiss a separate water utility incident claim days earlier.

More recently, hackers caused serious damage after breaching a German steel mill and wrecking one of its blast furnaces, according to a German government agency.

Hackers got into various production systems after tricking victims with spear phishing emails, said the agency.

Spear phishing also seems to have played a role in attacks linked to the Black Energy malware against power utilities in the Ukraine and other targets last December.

The malware was used to steal user credentials as part of a complex attack that resulted in power outages that ultimately left more than 200,000 people temporarily without power on December 23, 2015.

Source: Verizon.
