The attack on the Municipal Water Authority of Aliquippa highlights the vulnerability of critical infrastructure sectors, which have been a focus of the Biden administration’s security efforts. The incident occurred weeks after the Environmental Protection Agency had to withdraw water system audits due to a legal challenge.
Check Point Research identified that the Cyber Av3ngers group exploited Microsoft Exchange vulnerabilities for initial access into systems. Federal authorities, including the FBI and Department of Homeland Security, are leading the investigation into this and other nationwide cyberattacks. The FBI is investigating various incidents and assisting impacted organizations, urging those affected to report to the Internet Crime Complaint Center.
The Water Information Sharing and Analysis Center also issued an advisory about threats to water treatment facilities, noting multiple attacks against facilities in Israel. The Unitronics PLCs are used for critical functions like controlling pumps and chemical flows and gathering compliance data. The hackers reportedly accessed the systems by exploiting system weaknesses, including poor password security and internet exposure.
CISA recommends several immediate steps for organizations, including changing default passwords, requiring multifactor authentication, disconnecting PLCs from the open internet or using firewalls/VPNs for remote access, backing up logic and configurations, and using a different TCP port than the default TCP 20256.
Source: Cybersecurity Dive
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.