25 Mar 2016

Water Treatment Plant Hit by Cyber-attack

It appears not even H2O is safe from cyber-criminals following a recent attack on a water treatment plant.

According to a news report from International Business Times, hackers were able to change the levels of chemicals used to treat tap water during an attack on the outdated IT network of the plant (currently given the fake moniker "Kemuri Water Company" (KWC) due to the sensitive nature of the breach), exploiting its web-accessible payments system and using it to access the company's web server.
Security researchers Verizon Security Solutions were the ones who unearthed the attack after KWC asked the company to look into unauthorized access to its operational technology systems and unexplainable patterns of valve and duct movements that seemed to be manipulating hundreds of Programmable Logic Controllers. The firm’s investigators noticed the IP addresses of the attackers matched that of hackers previously linked to other hacktivist campaigns and it is believed the criminals may have had motives concerning Syria.
Verizon, who included the incident in this month’s breach report, said that although the criminals gained access to the personal and financial records of over 2.5 million customers, the hackers have not sought to use the details and suggested that they may not have even been aware that they were affecting water chemical levels at all. 
Luckily, KWC was able to reverse the changes before customers were affected and apparently nobody got ill – but clearly the attack had the potential for far more serious ramifications.
This is not the only attack on critical infrastructure that we have seen recently, with various Ukrainian power companies and Israel's Electricity Authority falling victim to breaches in the last few months.
“Attacks on critical manufacturing and infrastructures are becoming more common,” Yoni Shohet, Co-Founder & CEO of SCADAfence told Infosecurity, citing increasing connectivity between the IT and operational technology environments as a key factor in the exposure of insecure networks to new risks.
“For companies these attacks can mean significant loss of revenue, reputation damage and loss of competitive edge. For customers, in a worst case scenario situation, these breaches could potentially be deadly. Imagine if products that we consume every day such as drugs, food and water are tampered and manipulated by malicious hackers, the results could be devastating,” he added.
Shohet went on to say that with the use of proper risk management and monitoring tools attacks such as the breach on KWC could be avoided, or at least detected quicker.
“The fact the chemical process was changed and only then the company was able to detect the breach clearly shows that the company did not properly monitor the connections between the IT and OT environments and that they did not monitor the usage of the devices controlling their mission critical systems.”