Hackers Exploit Weak Credentials and Internet-Facing PLCs
Hackers exploit weak credentials and internet-facing PLCs to breach water utilities, presenting a growing risk for critical infrastructure. This threat has become more targeted and sophisticated, with state-level actors now treating water systems as strategic pressure points.
Targeting Critical Infrastructure: What Happened?
Between 2024 and 2026, water utilities in the United States and Europe faced a marked increase in cyber attacks. DomainTools reports a shift from random, opportunistic attacks to deliberate, state-sponsored campaigns. Countries such as Iran, Russia, and China have used access to water infrastructure not to cause immediate damage but to signal capabilities, test responses, and prepare for future conflicts.
Key Tactics Used in Attacks
- Exploiting internet-facing programmable logic controllers (PLCs)
- Abusing weak, default, or shared credentials
- Leveraging poor IT and OT network segmentation
- Taking advantage of exposed remote access tools
These intrusions rarely involve advanced malware. Instead, attackers rely on basic security lapses, such as open network ports or operator accounts using default passwords. Once inside, they gain control over water and wastewater infrastructure, systems that millions depend on daily.
Why Weak Credentials and PLC Exposure Matter
Weak credentials and internet-facing PLCs are among the most common entry points for attackers. Many water utilities, especially smaller organisations, have limited resources for cybersecurity. As a result, default passwords, shared accounts, and unsegregated networks remain widespread.
Nation-State Motivations
By targeting water systems, state actors aim to:
- Create fear and uncertainty in communities
- Test emergency response capabilities
- Position themselves for future disruptions
This approach gives threat actors strategic leverage without immediate escalation. Water utilities are now viewed as soft targets, used to demonstrate power and probe for weaknesses.
Risks for Organisations
The consequences of a breach can be severe:
- Operational disruption and service outages
- Potential health and safety risks
- Loss of public trust and reputational damage
- Regulatory penalties and financial losses
As critical infrastructure, water utilities are essential for public health and economic stability. Any disruption can have wide-reaching effects, making robust protection crucial.
What Organisations Should Do to Defend Against PLC Attacks
Organisations responsible for water systems must take proactive steps to reduce their exposure. Many recommended actions require minimal investment but deliver significant risk reduction.
Audit and Reduce Internet Exposure
- Identify all PLCs and control systems accessible from the internet
- Remove unnecessary remote access points
- Restrict access to essential users only
Strengthen Credential Management
- Enforce unique, strong passwords for all operator accounts
- Eliminate default and shared credentials
- Implement multi-factor authentication (MFA) wherever possible
Segment IT and OT Networks
- Create clear boundaries between business and operational systems
- Use firewalls and access controls to limit cross-network movement
- Regularly review network architecture and update as threats evolve
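As an added example (not from the original report), the exposure audit and IT/OT segmentation review described above can be run against an export of a utility's own firewall allow rules. The rule format, the address ranges and the sample rules are constructed assumptions; the port numbers are the well-known defaults for common industrial and remote-access protocols, which the article does not list.

```python
import ipaddress

# Well-known default ports (general knowledge, not taken from the article).
OT_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}
REMOTE_PORTS = {3389: "RDP", 5900: "VNC"}

# Constructed sample: simplified allow rules as "name,source,destination,port".
SAMPLE_RULES = """\
hist-sync,10.10.5.20/32,10.50.0.10/32,443
vendor-plc,0.0.0.0/0,10.50.0.21/32,502
scada-rdp,0.0.0.0/0,10.50.0.5/32,3389
office-to-plc,10.10.0.0/16,10.50.0.0/24,44818
eng-ws,10.50.1.15/32,10.50.0.21/32,502
"""

OT_NETS = [ipaddress.ip_network("10.50.0.0/16")]  # hypothetical OT address space
IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]  # hypothetical business network


def audit_rules(text, ot_nets=OT_NETS, it_nets=IT_NETS):
    """Return (rule_name, finding) pairs for allow rules that reach OT assets."""
    findings = []
    for line in text.strip().splitlines():
        name, src, dst, port = (f.strip() for f in line.split(","))
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        port = int(port)
        if not any(dst_net.overlaps(n) for n in ot_nets):
            continue  # rule does not touch the OT zone
        service = OT_PORTS.get(port) or REMOTE_PORTS.get(port)
        if service is None:
            continue  # not a control-protocol or remote-access port
        if src_net.prefixlen == 0:
            # A /0 source means the service is reachable from the internet.
            findings.append((name, f"{service} on an OT host is open to any source"))
        elif any(src_net.overlaps(n) for n in it_nets):
            # Business-network sources reaching PLC protocols break segmentation.
            findings.append((name, f"{service} crosses the IT/OT boundary from {src}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Each flagged rule is a candidate for removal, for a tighter source restriction, or for replacement by a monitored remote access path.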
Harden Remote Access Tools
- Deploy secure, monitored remote access solutions
- Limit remote access to authorised personnel
- Monitor for unusual login activity and failed access attempts
Conduct Regular Security Assessments
- Perform vulnerability scans and penetration testing
- Review system logs for suspicious activity
- Train staff to recognise social engineering and phishing attempts
Building Resilience in Water Utilities
Even small and medium-sized water utilities can improve their defences by focusing on basic security hygiene. The following checklist summarises key actions:
- Audit internet-facing PLCs and remote access points
- Implement unique passwords and MFA for all accounts
- Segment IT and OT networks with firewalls
- Limit and monitor remote access
- Educate staff on cybersecurity awareness
Collaboration with local government and cybersecurity experts can provide additional support. Sharing threat intelligence and best practices helps raise the overall security level across the sector.
Conclusion: Staying Ahead of Evolving Threats
Hackers exploit weak credentials and internet-facing PLCs to breach water utilities, turning basic security mistakes into strategic leverage. As the threat landscape evolves, organisations must treat cybersecurity as a core operational priority. By auditing systems, enforcing strong credentials, segmenting networks, and hardening remote access, water utilities can reduce their risk and build resilience against future attacks.
Originally reported by cybersecuritynews.com.






