The UK's National Cyber Security Centre (NCSC) has warned of the active exploitation of Unitronics programmable logic controllers (PLCs), used extensively across the water sector.
The statement follows a similar alert from the US Cybersecurity & Infrastructure Security Agency (CISA) earlier this week, with the NCSC recommending that organizations should follow its guidance.
"The NCSC has warned for some time of the enduring threat to the UK’s critical national infrastructure," says Jonathon Ellison, NCSC director for national resilience and future technology.
"Our US counterparts, CISA, have issued an advisory outlining a threat against the water sector. We are notifying UK providers of this threat, and recommend they protect consumers by following the mitigation advice set out by CISA."
Water and waste water facilities use PLCs to control and monitor various processes, including turning on and off pumps to fill tanks and reservoirs, flow pacing chemicals to meet regulations, gathering compliance data for monthly regulation reports, and announcing critical alarms to operations.
While the NCSC says that the exploitation is of ‘limited sophistication’ and is highly unlikely to cause any disruption to water supplies, there is a potential risk to some small suppliers.
The CISA advisory follows an attack on an unidentified US water facility, in which the attackers appear to have accessed the affected device — a Unitronics Vision Series PLC with a Human Machine Interface (HMI) — by exploiting poor password security and exposure to the internet.
The facility, says CISA, immediately took the system offline and switched to manual operations, meaning that there was no known risk to the drinking water or water supply.
But to prevent other attacks, it says, users should change all default passwords on PLCs and HMIs, require multifactor authentication for all remote access, including from the IT network and external networks, and disconnect the PLC from the open internet.
RELATED RESOURCE
Want a better CASB and stronger DLP? Starts with the right foundation.
They should also back up the logic and configurations on any Unitronics PLCs to enable fast recovery, where possible utilize a TCP port other than the default TCP 20256 port and update PLC/HMI to the latest version.
The alert follows a recent NCSC report that warned that the UK’s critical sectors, including the water industry, are facing an 'enduring and significant’ threat.
"The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech," says NCSC CEO Lindy Cameron.
"Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities."
In summer last year, South Staffs Water fell victim to hackers who were able to access the names and addresses of account holders, along with the sort codes and account numbers used for direct debit payments. Shortly after, a ransomware group claimed it was possible to tamper with water supplies.
And in the US, there have been a number of attacks, including the breach of a water authority near Pittsburgh which affected the water pressure in nearby towns. The attack is believed to have been carried out by hacktivists aligned with the government of Iran.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilitiesNews Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
-
"Thinly spread": Questions raised over UK government’s latest cyber funding schemeThe funding will go towards bolstering cyber skills, though some industry experts have questioned the size of the price tag
-
State-sponsored cyber crime is officially out of controlNews North Korea is the most prolific attacker, but Russia and China account for the most disruptive and tightly-targeted campaigns
-
Modern enterprise cybersecuritywhitepaper Cultivating resilience with reduced detection and response times
-
IDC InfoBrief: How CIOs can achieve the promised benefits of sustainabilitywhitepaper CIOs are facing two conflicting strategic imperatives
-
The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to knowNews State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
The NCSC wants to know how your business is using honeypots to combat hackersNews The NCSC hopes to encourage the use of cyber deception techniques within the UK, across government and critical national infrastructure
