Iranian Cyberterrorist Group Targeting U.S. Water Infrastructure: Is New Jersey Next?

TRENTON, NJ – The war between Hamas and Israel has hit close to home as Iranian-backed cyberterrorists have announced they are targeting U.S. water systems. They have already hacked into a municipal utility company’s network in Pennsylvania and are promising more of the same.

The group threatens that more attacks like the one this weekend are in the works. Many utilities along the U.S. eastern seaboard use similar technology in their municipal water systems.

The New Jersey Cybersecurity and Communications Integration Cell, a government-run agency, openly admits New Jersey’s water infrastructure is a prime target for cyber terrorists.

“The NJCCIC assesses with high confidence that the water sector in New Jersey and across the globe will remain an attractive target for a range of cyberattacks designed to disrupt daily operations, steal sensitive data, promote violence toward the community, and encrypt critical operational data,” the agency said.

CyberAv3ngers, an Iranian-backed hacking group, has been targeting Israeli-made hardware and infrastructure all around the world, including inside Israel. The group made the threat on October 30th, but on Sunday, it successfully hacked into and took control of systems operated by the Municipal Water Authority of Aliquippa in Pennsylvania.

The group has previously attacked ten targets within Israel.

“Every equipment made in Israel is Cyb3rAvengers legal target!” the group posted on X, where it has a social media profile. “The CyberAv3ngers will continue their activities, and the worst is coming.”

The group is calling for the end of Israel’s attacks in Gaza and for the resignation of Israeli Prime Minister Benjamin Netanyahu.

NextGOV states, “There are more than 150,000 public water systems in the U.S., and an estimated 80% are publicly owned and operated by municipalities. Water and wastewater systems have faced increased cyber threats in recent years, in addition to new security challenges posed by climate change, growing demand for fixed water supplies nationwide and a critical lack of funding.”

New Jersey State Health Assessment Data states New Jersey has over 600 community water systems, which provide drinking water to approximately 87% of the State’s population. The Cybersecurity and Infrastructure Security Agency (CISA) is responsible for increasing the cyber resiliency of the country’s infrastructure, which includes the Water and Wastewater (WW) Sector. The services and recommendations offered by CISA are not required; water purveyors adopt them voluntarily. CISA reports only a fraction of the country’s more than 50,000 water facilities have taken advantage of CISA’s services. Furthermore, after conducting a survey, CISA found that 1 in 10 WW plants have recently identified a critical cybersecurity vulnerability. More than 80 percent of these vulnerabilities included software flaws discovered before 2017, highlighting the lack of cybersecurity expertise in such a critical infrastructure.

“We need to do the work upfront to really prepare for the disruption and anticipate what could be disruptions in the future,” said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency. “We need to practice and prepare, not just our response, but really looking at continuity and recovery as well.”

WW Sector entities have suffered a range of attacks, including ransomware, tampering with Industrial Control Systems, manipulation of valve and flow operations and chemical treatment formulations, and other efforts to disrupt and potentially destroy operations. Below are the most recent incidents affecting U.S. WW Sector facilities.

  • In January 2021, an attacker reportedly took control of a California local water treatment facility and deleted computer programs involved in the treatment of drinking water. The cybercriminal hacked into the plant’s systems using the credentials of former employees, which were used to connect to the TeamViewer remote control software.
  • In February 2021, the town of Oldsmar, Florida narrowly avoided a health disaster when cyber criminals allegedly took control of the city’s wastewater treatment facility. The attacker reportedly collected TeamViewer login credentials shared by several employees, and then exploited flaws present within a Windows 7 operating system. This intrusion allowed the cybercriminal to significantly increase the level of sodium hydroxide from 100 parts per million to 11,100 parts per million, making the drinking water extremely toxic. Luckily, facility staff were able to quickly get the situation under control and save 15,000 Oldsmar residents from being poisoned.
  • In August 2021, CISA reported malicious cyber actors used Ghost variant ransomware against a California-based WW facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
  • In July 2021, CISA reported cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
  • In March 2021, CISA reported cyber actors used an unknown ransomware variant against a Nevada-based WW facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
  • In September 2020, CISA reported personnel at a New Jersey-based WW facility discovered potential Makop ransomware had compromised files within their system.
  • In March 2019, a former employee at a Kansas-based WW facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer.