A joint Cybersecurity Advisory (CSA) has been released concerning repeated cyber activities against Israeli-made Unitronics Vision Series programmable logic controllers (PLCs).
Beginning on November 22, these PLCs, commonly found in water and wastewater facilities in the U.S., were being targeted by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors known as “CyberAv3ngers”, according to the Cybersecurity and Infrastructure Security Agency (CISA). The PLCs can also be found in other industries such as energy, food and beverage manufacturing, and healthcare.
“These PLC and related controllers are often exposed to outside internet connectivity due to the remote nature of their control and monitoring functionalities,” CISA says in the CSA. “The compromise is centered around defacing the controller’s user interface and may render the PLC inoperative. With this type of access, deeper device and network level accesses are available and could render additional, more profound cyber physical effects on processes and equipment.”
CISA recommends these immediate steps that network defenders at facilities can take to mitigate these cyberattacks:
Following up on the mitigative steps, CISA stresses that exercising, testing and validating an organization’s security protocols is crucial. They also highlight testing existing security controls to see how they do against the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) techniques identified in their advisory.
This CSA recommends the six following steps for getting started:
Jeff Wardon, Jr. is the assistant editor for the facilities market.
