A group of Iranian hackers recently posted a video showing how they managed to access an industrial control system (ICS) at a water facility in Israel.
According to industrial cybersecurity firm OTORIO, the hackers accessed a human-machine interface (HMI) system that was directly connected to the internet without any authentication or other type of protection. The target was apparently a reclaimed water reservoir.
“This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser,” OTORIO said in a blog post.