- Home
- Alerts & Advisories
- Alerts
- Ongoing Attacks Against Exposed Unitronics Devices
Alerts
Ongoing Attacks Against Exposed Unitronics Devices
7 December 2023
There are global reports of ongoing attacks against exposed Unitronics devices. Such attacks involve the exploitation of cybersecurity vulnerabilities in the Unitronics devices, including poor password security and exposure to the internet. Attackers leverage default credentials to gain unauthorised access to the devices, enabling them to potentially cause physical damage to the compromised devices.
Users and administrators of Unitronics devices are advised to stay vigilant and adopt the following measures to defend against these attacks:
Use Strong Passphrases: Create a strong passphrase of at least 12 characters with a mix of upper and lower case letters, numbers, and symbols. Ensure the Unitronics PLC default password is not in use.
Enable Multi-Factor Authentication (MFA): Use MFA for all remote access to the Operational Technology network, including from the IT network and external networks.
Control Network Access: Disconnect the Unitronics devices from the internet. If remote access is necessary, enforce access controls (for example, IP address whitelisting) and monitor for suspicious activities.
Maintain Updated Backups: Perform regular data backups of the logic and configurations on the Unitronics devices to help facilitate data restoration in the event of a ransomware attack.
Review Settings on Default Ports: If possible, utilise a TCP port that is different than the default port TCP 20256 and restrict connections only to trusted ports.
Check for Updates: Update devices to the latest version provided by Unitronics and check regularly for available updates.
If your organisation detects any unauthorised access to your device(s), report the incident to SingCERT immediately at https://www.csa.gov.sg/reporting
More information is available here:
https://therecord.media/cisa-water-utilities-outreach-unitronics-plcs