Posted in Beijing 2023-12-11 15:27.
The recent cyberattacks by Iranian hackers on the U.S. water sector, as well as a series of ransomware attacks targeting the healthcare industry, should be seen as a call to action by utilities and industry to strengthen cybersecurity, Defense Headlines said on December 11.
Anne Neuberger, deputy U.S. adviser, said the recent attacks by the Iranian hacker group Cyber**3NGERS against multiple U.S. groups were "not sophisticated" and had a "minimal" impact on operations. But Mr. Newberg said the attacks were a new warning that U.S. companies and critical infrastructure operators "are facing a sustained and robust wave of cyberattacks from hostile states and criminals" and that such attacks are not going away.
Newberg, who serves as Joe Biden's senior adviser on cyber and emerging technologies, said: "Some very basic practices can make a big difference. We need to lock our digital doors. There is a significant threat of crime, and there are countries that are able to do so — especially the threat of crime — that has taken a huge toll on our economy. ”
The U.S. and Israel released an advisory confirming that hackers had "accessed multiple U.S.-based" water facilities running Israeli-made equipment, most likely by hacking into internet-connected devices using default passwords. U.S. and Israeli agencies accuse hackers affiliated with Iran's military wing, the Islamic Revolutionary Guard Corps, of being involved in the event.
The U.S. and Israel** allege that the hackers had ties to Tehran's Islamic Revolutionary Guard Corps and that they hacked multiple organizations in multiple states, including a small municipal water authority in Aliquita, a small town in western Pennsylvania. The hackers say they specifically target organizations that use programmable logic controllers made by the Israeli company Unitronics, which are commonly used in water and water treatment utilities.
Aliquita Municipal Water Authority Director Matthew Mottes, who found out on Nov. 25 that he had been hacked, said the federal ** had told him that the same group had also hacked four other utility companies and an aquarium.
The Aliquippa hack caused crews to temporarily stop pumping water from a remote station that regulated water pressure in two nearby towns, causing crews to switch to manual operations.
The hacking attacks began on Nov. 22 as tensions between the United States and Iran were exacerbated by the two-month war between Israel and Hamas, authorities said. Tehran supports Yemen's Houthi rebels, who attacked merchant ships and threatened U.S. ships in the Red Sea, the White House said.
Iran is a major sponsor of Hamas, the militant group that controls Gaza, and the Houthi rebels in Yemen.
The U.S. said it had found no information suggesting Iran's direct involvement in Hamas's Oct. 7 attack on Israel, which triggered a massive retaliatory action by the Israel Defense Forces in Gaza. But Biden has increasingly expressed concern about Iran's attempts to expand the Israeli-Hamas conflict through human organization.
Newberg declined to comment on whether the Iranian hacking group's recent cyberattacks heralded more hacking by Tehran against U.S. infrastructure and companies. However, she said the moment highlights the need to strengthen cybersecurity efforts.
The Iranian "Cyber Avengers" attack follows a federal appeals court ruling in October that prompted the EPA to spew a rule requiring U.S. public water systems to include cybersecurity testing in regular federally mandated audits. The rollback was triggered by a federal appeals court ruling in cases filed in Missouri, Arkansas and Iowa, which was joined by a water utility organization.
Newberg said the measures to strengthen the cybersecurity of water systems set out in the scrapped rules may have "uncovered vulnerabilities that have been targeted in recent weeks."
Earlier this year, the United States** unveiled a wide-ranging cybersecurity plan calling for stronger protections for critical sectors and holding software companies legally accountable if their products don't meet basic standards.
Newberg also noted that recent criminal ransomware attacks have devastated the healthcare system, and he believes the attacks highlight the need for the industry to take steps to strengthen cybersecurity.
The recent attack on Ardent Health Services prompted the health care chain, which operates 30 hospitals in six states, to move patients from some emergency rooms to other hospitals while delaying certain elective surgeries. Arden said it was forced to shut down its network after the Nov. 23 cyberattack.
A recent global study conducted by cybersecurity firm Sophos found that nearly two-thirds of healthcare organizations suffered a ransomware attack in the year to March, twice as many as two years ago but down slightly from 2022.
*It has been prioritized. We're rolling out actionable information. We're rolling out recommendations," Newberg said, "and we do need collaboration between state and local** and companies that operate critical services to quickly adopt and implement these recommendations." ”