Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label HMI. Show all posts
Ransomware
American Water Works Cyber Attacks Data HMI IT system Ransomware

American Water Works faces Cyberattack





American Water Works, the country's largest provider of water services to 14 states, recently reported that it was cyber attacked on its information technology system. The current report has indicated that operational technology systems that control delivery of water within the company are not affected. As reported by Bloomberg, the company disclosed to shareholders in a filing with the U.S. Securities and Exchange Commission which forced the company to temporarily suspend billing and limit customer support.

On its website, the American Water Works explained its statement in announcing that certain systems were turned off in an attempt to prevent more damages on its customers' information. Its MyWater online service has been temporarily halted, thus stopping billing processes until the systems can be brought back online. The company assured that water quality is not affected and safe for drinking. Whether the customers' information was accessed remains a determination to be made.

Response to the Incident

The company cannot yet fully assess the impact of the incident but confirms that its water and wastewater operations are unaffected. American Water Works first detected unauthorised activity in its networks on October 3. Upon discovery, the company activated its cybersecurity response protocols and sought the assistance of third-party cybersecurity specialists to help contain and investigate the incident. Law enforcement was notified promptly and are actively involved in ongoing inquiries.

The company's IT teams are scrambling to protect data by isolating some systems that might prevent any possible damage. The exact nature of the attack is still unknown, but such cases of ransomware attacks scare cybersecurity experts, who have noted recent instances in which hackers carried out ransomware attacks. The separation of the IT network from the OT networks by the company, a critical step in cybersecurity for critical infrastructures, may have allowed it to contain the spread of the attack that did not penetrate the core operations.


Cyber Threats Against Water Utilities

The incident is part of a worrying trend of cyberattacks on water utilities. Just two weeks back, a Kansas water utility fell under similar attacks, reviving the renewed debate on protection of critical services. According to a report by Cyble, a cybersecurity firm, groups such as Russia-linked People's Cyber Army are increasingly threatening the water sector through cyber attacks. The report has identified significant vulnerabilities and pointed out that many US water utilities are using outdated systems and those lacking in their cybersecurity practices.

Notably, a similar alarm is sounded by the latest GAO report against the Environmental Protection Agency, which presses for better cybersecurity requirements in water utility providers. A review of the water utilities through inspections reported that almost 70% of them don't comply with basic cybersecurity guidelines, which puts it at the risk of a potential disruption in its operations or even contamination. Cyble's research calls out for contemporary security measures such as network segmentation and strengthening of controls over control systems, among others.


Experts recommend network segmentation for water utilities to separate IT from OT systems; also HMIs that can lock down their monitoring systems. As more and more water utilities bring their systems onto the internet, the chance of cyber threats increases continually. Even as American Water Works works through its recent cyber incident, pressure is growing throughout the industry to harden its defences and protect critical infrastructure in a manner that ultimately protects public health.

Recently, the American Water Works was attacked via a cyber attack that portrays a need for stronger cybersecurity practices in the water industry. As attacks increase in terms of frequency and complexity, companies must implement strong security measures to protect the essentials and assure the public regarding the safety of delivering water.


Read more »
Weintek
CISA HMI Vulnerabilities and Exploits Weintek

Weintek’s HMI Found with Vulnerabilities which can Allow Attackers to Exploit Devices

 

Weintek's human-machine interface (HMI) products include three types of critical vulnerabilities, according to a cybersecurity researcher - who specializes in industrial control systems (ICS). 

Customers should download relevant patches and follow measures to mitigate risks, according to a technical advisory posted by the company. The risk of abuse is higher if the devices are linked to an open network, according to the study. Customers can disconnect the devices from the network and update the operating system if the device is accessible by an open network. While devices that are not attached to an open network cannot be compromised, consumers are still encouraged to update their operating systems. If a computer can be accessed via a public IP address, it is said to be exposed to an open network. 

Marcin Dudek, a senior ICS/OT security researcher at Poland’s CERT Polska, identified the flaws; the security flaws have also been discovered in the Weintek cMT products', EasyWeb, web-based configuration interface. HMIs (including screen-less HMIs), programmable logic controllers (PLCs), and gateways are all the affected products. 

A remote, unauthenticated attacker may use the flaws to conduct malicious JavaScript code with root privileges (CVE-2021-27446), remotely access critical information, and perform actions on behalf of an admin (CVE-2021-27444) and conduct malicious JavaScript code through a stored XSS vulnerability (CVE-2021-27442). 

There are even more than 170 cMT HMIs linked directly to the internet, according to Dudek, with networks located in Europe, Asia, and North America. According to the researcher, an attacker may exploit the first two flaws by sending a single query to the targeted computer. An attacker could take advantage of CVE-2021-27444 to extract the administrator password hash. 

In the worst-case scenario, an attacker might use the bugs to gain full control of the targeted system with root privileges, which could have significant implications in the actual world. 

“Having such high privileges, an attacker can have unlimited access to all functions of the HMI,” Dudek explained. “It could also be used as a proxy to get access to the internal network of an organization, or to have direct access to other industrial devices in the same network, such as PLCs.” 

Dudek also said that “he worked well with the vendor during the disclosure process. He said it took roughly two months to release all patches, but most of the fixes were ready one month after he reported his findings.” 

The impacted items are mainly used in the water and commercial facilities industries, according to the US Cybersecurity and Infrastructure Security Agency (CISA), which released an advisory for the Weintek CMT vulnerabilities this week.
Read more »
Subscribe to: Posts (Atom)