The recent cyberattack on a hotel pool controller in Israel highlights the risks and vulnerabilities the pool industry faces from hackers targeting Operational Technology (OT) systems. As the use of technology in pool systems continues to increase, it is important for pool companies and professionals to understand the potential dangers and take steps to protect themselves and their clients.
Hackers Shine Spotlight on Lack of Security
The hacktivist group GhostSec claimed it breached the hotel’s pool water system and could control the pH and chlorine levels in the pools. The attackers did not disclose the details of the OT breach, but researchers at Otorio, a cybersecurity company specializing in OT security, investigated the incident and found two Aegis II controllers that were exposed.
hope you all can understand our decision on not attacking their PH levels and risking a chance to harm the innocents of #Israel
Our “war” has always been FOR the people not against them. #FreePalestine
Details: https://t.co/7hczY9Owh1 pic.twitter.com/wGa7YXCbfV
— GhostSec (@ghost_s3curity) September 11, 2022
The Aegis II controller is a device used to monitor and control the chemical concentration in water in locations such as swimming pools, spas, and water parks. The controllers can communicate with other systems, such as pumps, heaters, and sensors, to maintain water quality.

In this case, the AEGIS II was responsible for continuously measuring and controlling the conductivity and biocide concentration to keep pipework and heat exchangers clean.
The AEGIS II Controller’s applications included:
- Control of bleeding in evaporation cooling systems
- Control of corrosion inhibitors, de-foamers and dispersants
- Measuring and control of inhibitor concentration
- Measuring and control of pH and ORP voltage
- Metering of biocides
According to Otorio’s report, the hackers could have potentially affected the pH levels of the hotel’s pools, but there is no evidence that any harm was done to the guests or the facility. However, the incident raises concerns about the growing threat of OT cyberattacks and their impact on critical infrastructure and public safety.
Targeting Pool Automation Devices With Weak Security
One of the key concerns in the pool industry is the use of programmable logic controllers (PLCs) and other ICS devices that are used to monitor and control the various aspects of pool systems, such as chemical levels, temperature, pumps, and lighting. These devices can be vulnerable to cyberattacks if they are not properly secured, especially if they are connected to the Internet or other networks.
OT cyberattacks are not new, but they are becoming more frequent, sophisticated, and disruptive. Unlike attacks that focus on stealing data or disrupting services, OT attacks can have physical consequences, such as equipment damage, production loss, environmental damage, or human harm.
Finding Out Exactly How It Happened
In the case of this particular pool controller breach, the attackers were able to access the Aegis II controllers with default passwords, which is a common weakness that can be easily exploited. Once the attackers gained access to the controllers, they could potentially manipulate the chemical levels in the pools, which could cause harm to the swimmers or damage to the equipment.
Upon discovering this breach, OTORIO promptly informed Israel’s Cyber Emergency Response Team (CERT) of the incident and worked closely with the authorities to resolve the issue as quickly as possible. As of now, the affected controller is no longer accessible to the public.
This incident highlights how important it is for pool professionals to take a proactive approach to OT security by implementing best practices and security controls, such as:
- Changing default passwords and using strong and unique passwords for each device and user
- Updating firmware and software patches regularly to fix known vulnerabilities
- Segmenting the network and restricting access to critical devices and systems
- Encrypting data in transit and at rest to prevent unauthorized access
- Monitoring the system for suspicious activities and anomalies that could indicate a cyberattack
- Having a comprehensive incident response plan in place to minimize the impact of a cyberattack and restore normal operations as quickly as possible
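The first three items on this list can be checked against an installer's own equipment records. The Python script below is an added example, not taken from Otorio's report or from any vendor tool; the device names, addresses, dates, the OT subnet and the one-year firmware policy are all constructed assumptions.

```python
import ipaddress
from datetime import date

# Private (RFC 1918) ranges; an address outside them is treated as public-facing.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OT_SUBNET = ipaddress.ip_network("10.20.0.0/24")  # assumed dedicated controller segment
MAX_FIRMWARE_AGE_DAYS = 365                       # assumed patch policy

# Constructed sample inventory (hypothetical devices, addresses and dates).
INVENTORY = [
    {"name": "pool-ctrl-1", "mgmt_ip": "203.0.113.10",
     "password_changed": False, "last_firmware_update": date(2019, 3, 1)},
    {"name": "pool-ctrl-2", "mgmt_ip": "10.20.0.5",
     "password_changed": True, "last_firmware_update": date(2022, 6, 15)},
    {"name": "spa-ctrl-1", "mgmt_ip": "192.168.1.50",
     "password_changed": True, "last_firmware_update": date(2022, 8, 1)},
    {"name": "tower-ctrl-1", "mgmt_ip": "10.20.0.6",
     "password_changed": False, "last_firmware_update": date(2021, 1, 10)},
]

def audit_device(dev, as_of):
    """Return the list of findings for one controller record."""
    findings = []
    ip = ipaddress.ip_address(dev["mgmt_ip"])
    if not dev["password_changed"]:
        findings.append("default-password")      # factory credentials still in use
    if not any(ip in net for net in RFC1918):
        findings.append("public-address")        # management interface on a public IP
    elif ip not in OT_SUBNET:
        findings.append("outside-ot-segment")    # private, but not on the OT segment
    if (as_of - dev["last_firmware_update"]).days > MAX_FIRMWARE_AGE_DAYS:
        findings.append("stale-firmware")
    return findings

def audit(inventory, as_of):
    """Map device name to findings, omitting devices that pass every check."""
    report = {d["name"]: audit_device(d, as_of) for d in inventory}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, date(2022, 9, 30)).items():
        print(f"{name}: {', '.join(findings)}")
```

The script reads records only and never connects to a device, so it can be run from any office machine against an exported equipment list.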
Installers who are performing upgrades or new installations of equipment should also stay informed about the latest trends and threats in OT security and seek guidance from cybersecurity experts or specialized vendors if needed. By taking a proactive and collaborative approach to OT security, pool professionals can help mitigate the risk of hackers gaining access to equipment and ensure the safety and satisfaction of their clients.
The post Cyberattack on Pool in Israel a Wake-Up Call For Pool Pros appeared first on PoolMagazine.com – Get The Latest Pool News.





