Hackers Target PLCs and SCADA Systems at Water Facilities in Israel

May 08, 2020 by Alessandro Mascellino

The Israeli Government has issued a security alert last week after hackers targeted SCADA systems across the country.

The attacks were recorded at various facilities and were particularly directed at wastewater treatment plants, pumping stations, and sewage facilities. The alert was issued by Israel’s National Cyber Directorate, the country’s first line of cyber defense for civilians.

As a direct consequence of the attacks, the Israeli Water Authority advised companies in the water sector to promptly step up their security measures.


Targeting SCADA Systems

Information about the specific facilities targeted in these attacks has not been publicly disclosed by the Israeli authorities.

However, it is understood the attacks may have been orchestrated by a Gaza-based, anti-Israel hacktivist group identifying as the Jerusalem Electronic Army, together with Gaza Cybergang, an organization with links to the terrorist group Hamas.

According to cybersecurity firm Radiflow, the attacks were started by a malicious actor exploiting a weak or default password to access various network elements and gaining initial access remotely to the facilities.


water treatment facility

Electric motors driving water pumps of waste water treatment system. 


The Tel-Aviv based firm explained that, because the targeted facilities were small sites connected to the internet via cellular-based communication, they were probably not equipped with proper security measures.

Furthermore, there would also be evidence that security protocols may have been broken in the supply chain, providing the water facilities with unsafe software and hardware equipment. Finally, Radiflow said it is believed “that physical on-site evidence helped detect this attack”.


Uncertain Agendas

It is not the first time hackers have targeted industrial facilities to disrupt operations, and while the damage assessment behind these attacks can be more or less clear, the motifs behind them are usually more nebulous.

According to Radiflow, there was no particular reason to exploit the kind of utility found in the hacked water sector facilities, so the company assumed the purpose behind the attacks had to be related to disrupting critical operations at the time somehow favorable to the attack group.

Whatever the agenda of the attacker was, Israeli Water Authority officials have now issued a memo ordering all personnel of the affected facilities to immediately change the passwords to their systems, particularly the operating system and the chlorine control. The memo also warned that if said passwords could not be changed, the systems should be disconnected from the internet entirely.

Commenting on the news, the head of the Water Authority's security department Daniel Lacker told the head of the cyber department Avi Azar that "We have received a number of reports regarding a cyber attack on the systems. No damage was reported during the incident." To ease the mind of workers and media alike, Lacker added that, despite the attacks, Water Authority cyber experts are constantly facing these threats and are prepared to counter them.

"The subject of attempted cyberattacks is not new and is constantly addressed by the appropriate experts."


What do you think of these attacks and are your company’s IT system secure?