Israel

An Iranian threat-actor published a video of a breach in an Israeli reclaimed water reservoir HMI system. According to industrial cybersecurity firm OTORIO, the hackers accessed a human-machine interface (HMI) system that was directly connected to the internet without any authentication or other type of protection. The target was apparently a reclaimed water reservoir. “This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser,” OTORIO said in a blog post.

The Israeli government revealed that wastewater treatment plants, pumping stations and sewage facilities across the country were targeted in a coordinated attack on April 24 and 25. Sources told SecurityWeek that the attackers targeted programmable logic controllers (PLCs) used to control valves. The changes made to the PLC logic were valid, which indicates that the attackers knew exactly what they were doing. The attack may have been discovered after the compromised PLCs caused suspicious valve changes, but it’s unclear if the attackers were trying to cause damage by tampering with valves or if they made an error that led to their discovery.

According to reports, among the affected systems are the hospital’s electric doors, as well as the patient registry system - which severely hampered the medical center's ability to receive and discharge patients. Some non-urgent procedures were canceled, but most of the hospital’s work continued using alternative IT systems and pen and paper. Cybersecurity experts said the hospital did not deploy the best possible security options, making it vulnerable to attack.

The hospital was back to being fully operational over a month after a ransomware attack. To reduce the vulnerability of follow-up attacks, medical centers across Israel shut down some IT systems.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

WIZARD SPIDER is a sophisticated eCrime group that has been operating the Ryuk ransomware since August 2018, targeting large organizations for a high-ransom return. This methodology, known as “big game hunting,” signals a shift in operations for WIZARD SPIDER. This actor is a Russia-based criminal group known for the operation of the TrickBot banking malware that had focused primarily on wire fraud in the past.

Water pumps were attacked in Mateh Yehuda province in Israel. These were specific, small drainage installations in the agriculture sector that were immediately and independently repaired by the locals, causing no harm or any real-world effects," the Water Authority said in a statement.