Could SA water control systems be impacted by global hack originating in Iran?
Date: 2023-12-05
South Africa's water and sewage control systems, among others, could potentially be impacted by a global hack, reports MyBroadband.
According to the Shadowserver Foundation, a nonprofit security organisation, the country is among those most impacted by a recent attack on Unitronics programmable logic controllers, or PLCs.
This news follows an advisory warning issued by the US Cybersecurity and Infrastructure Security Agency (CISA) that an Iranian hacking group had exploited 'weaknesses' in these controllers, says the article.
"CISA stated that, in addition to water and wastewater systems, the targeted Unitronics PLCs are also used in energy, food and beverage manufacturing, and healthcare," writes editor Jan Vermeulen.
In an earlier alert, the Agency said a U.S. water facility had been breached through a Unitronics PLC.
"ICYMI: We published a joint advisory w/ @FBI, @NSACyber, @EPA, & @Israel_Cyber, to alert orgs about active exploitation of PLCs in U.S. Water and Wastewater Systems facilities. 🚰 Learn how to protect your network: https://t.co/087UYjCIW4 pic.twitter.com/Pw9g3of8Ln"
Cybersecurity and Infrastructure Security Agency (@CISAgov), December 4, 2023
Motheo Khoaripe (in for Bruce Whitfield) gets more detail from Vermeulen on The Money Show.
Vermeulen emphasizes that there is still a lot of uncertainty around this story.
"We don't know exactly what these PLCs are controlling, and nobody is saying anything, and for good reason."
Because of these circumstances, it's left open to speculation what our exposure might be in South Africa, he says.
"PLCs are usually used in industrial-type control systems. These specific Unitronics PLCs are used in water and sanitation, so water and sewage works which they call water and wastewater... They're also used in the energy sector, so Eskom and local municipalities that do electricity distribution potentially... and in food and beverage manufacturing which we also have in SA."
Jan Vermeulen, Editor - MyBroadband.co.za
"So there are a huge number of industries and utilities here in South Africa that COULD be impacted by this attack."
Jan Vermeulen, Editor - MyBroadband.co.za
"At least 539 Unitronics PLC instances (port 20256/tcp) still publicly exposed worldwide (2023-12-02 scan). Unitronics PLC instances have been targeted recently as part of attacks against Water & Wastewater systems. (see @CISACyber @WaterISAC alert: https://t.co/OywIVYxo8o) pic.twitter.com/XgYrRZbfBm"
Shadowserver (@Shadowserver), December 3, 2023
He says that according to the CISA advisory, a US water facility was impacted by this exploit and they had to switch it over to manual control.
This means that people's water quality was not impacted by the attack, but the implication is that it could have been had there not been a swift response.
"The group call themselves the 'CyberAv3ngers'... CISA and the FBI, NSA, and the Israel National Cyber Directorate have essentially established that they are an Iranian state-sanctioned hacking group."
Jan Vermeulen, Editor - MyBroadband.co.za
"State-sanctioned hacking's happening all over now. Iran has groups, Russia has groups, China has groups, and I'm sure the US themselves are not above using hacking groups, though they tend to keep their capabilities within their three-letter agencies."
Jan Vermeulen, Editor - MyBroadband.co.za
Vermeulen explains that Shadowserver did just a basic sweep of the specific ports on which these PLCs 'talk', to see if they could find any on the open Internet.
While these controllers are not supposed to be accessible in this way, Shadowserver were able to find at least 539 Unitronics PLC instances that remained publicly exposed worldwide.
"The US is only about fifth or fourth on the list and South Africa is tied for ninth place with three other countries, so we're right in the top of countries with 15 of these instances exposed. Even though 15 doesn't sound like a big number when you're talking about individual control systems like this, that's huge!"
Jan Vermeulen, Editor - MyBroadband.co.za
"The whole reason for the brouhaha over this is to get whoever looks after these PLCs to wake up and go to these facilities or installations and update them, so that they are no longer vulnerable. With the hack and how the exploit worked starting to filter into the public domain, it means that, while maybe Iran has no interest in attacking SA, someone else might."
Jan Vermeulen, Editor - MyBroadband.co.za
MyBroadband say they contacted Water Affairs Minister Senzo Mchunu and the Department of Water & Sanitation for comment, but neither responded by the time of publication.
This article first appeared on CapeTalk: Could SA water control systems be impacted by global hack originating in Iran?
