Industrial control systems are being increasingly targeted by hacktivists as they become aware of the impact of attacking such systems that are often insecure, SecurityWeek reports.
Fifty-five Israel-based Berghof programmable logic controllers were reported by Otorio to have been hacked by pro-Palestine hacktivist operation GhostSec, which launched a separate attack against an Israeli ICS the week after. Otorio researchers discovered that internet-exposed Berghof PLCs have been discovered using Shodan search, many of which could be infiltrated through default credentials.
"The fact that operational, ICS systems are connected directly to the internet without any proper security measures, really lowers the bar to these kinds of threats, which makes it more effective to exploit OT infrastructure in order to scare the public rather than defacing a website. Moreover, the potential damage for an attacker that is logged into one of these systems is no less than catastrophic in many cases. If their goal is to scare the public, they are doing exactly what I would do if I were them," said Otorio security researcher David Krivobokov.