Khashoggi’s Ghost

Federal investigators confirm multiple US water utilities hit by hackers

US and Israeli authorities confirmed that hackers had “accessed multiple US-based” water facilities that operate the Israeli-made equipment, likely by breaking into internet-connected devices with default passwords. The US and Israeli government agencies blamed hackers affiliated with the Islamic Revolutionary Guard Corps, a military branch of the Iranian government, for the activity.

cnn.com/2023/12/01/politics/us

@UROCKlive1

re: Hackers had “accessed multiple US-based” water facilities

Why are the water facilities leaving the internet-connected device passwords at the manufacturer default password?

The EPA and state EPAs/water control boards need to get on this ASAP. Get the rest changed! #InfoSec #Hacking #Security #CyberSecurity

Regardless of who is doing the hacking, terrorists or others, blame squarely should be with the teams operating these with default passwords.

cnn.com/2023/12/01/politics/us

@itsec2033 @UROCKlive1
Of course the EPA tried to protect our water systems from cyber-attack and of course the threats of a cascade of legal challenges from industry groups and conservative state attorneys general made them rescind the rules. (snark tone)

I hope this is thrown in every conservative's face when they start complaining about the hackers that had accessed multiple US-based water facilities over the Gaza-Israel war.

Thanks for the link.

@UROCKlive1 @oldredsubby I blame the manufacturers. Why are there even global default passwords from the manufacturer? That’s absurd. It’s not as though water supply equipment is a consumer product that you sell millions of. They are special purpose and require integration for each application. Shipping such equipment with a single known default password is just asking for trouble. No life-critical equipment should leave the manufacturer’s facility until it has been secured.