The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about rising cyber threats against operational technology (OT) and industrial control systems (ICS), particularly in critical sectors such as water and wastewater. These systems are vulnerable to attacks due to exposed devices, with threat actors often exploiting default credentials or using brute force methods to gain unauthorized access. CISA’s advisory underscores the potential for cybercriminals to cause significant harm if these vulnerabilities are not addressed, highlighting the importance of securing OT/ICS environments from growing risks.
Earlier in February, the U.S. government imposed sanctions on six individuals associated with the Iranian intelligence agency for targeting critical infrastructure entities worldwide. The cyberattacks primarily focused on compromising Israeli-made Unitronics Vision Series programmable logic controllers (PLCs), which were exposed to the internet through the use of default passwords. This incident emphasizes the ongoing threat to OT systems and the need for proactive measures to mitigate such risks.
In response to these threats, industrial cybersecurity company Claroty has open-sourced two tools, PCOM2TCP and PCOMClient, to assist in extracting forensic data from Unitronics-integrated human-machine interfaces (HMIs) and PLCs. These tools aim to help organizations identify and respond to vulnerabilities in exposed OT systems, especially those with inadequate security features. By converting serial communication messages and enabling direct querying of PLCs, these tools are valuable resources for organizations looking to secure their OT environments.
Moreover, Claroty has raised concerns about the increasing use of remote access solutions in OT networks, warning that excessive deployment can create security and operational risks. A significant portion of organizations rely on multiple remote access tools to connect their OT systems to external networks, leading to expansive and complex attack surfaces. Experts recommend minimizing the use of low-security remote access tools and ensuring that systems are protected with features like multi-factor authentication (MFA) to enhance overall security.
Reference:
