AI Guided Hackers To Attack OT at Water Utility

We are going to see more of this. That is a fact. The only fix is for critical infrastructure operators to improve their security.

Operational Technology (OT) is the set of computers and networks that control physical processes, in this case those inside a water treatment plant.

Dragos Security, which specializes in OT security, published a report explaining what happened at this water plant in Mexico. Luckily, the plant’s security held up.

The hackers used both Claude and ChatGPT to run the attack.

Claude handled tasks like intrusion planning, tool development and problem solving.

ChatGPT handled data processing and reporting.

The report includes a 17,000-line Python script that Claude wrote and continuously improved. It relied only on publicly available offensive security techniques.

While the tools were not that sophisticated (at least today), what was amazing was the speed at which the AI developed the attack. What might have taken days or weeks only took a few hours for the AI to create.

While the attacker (human) did not ask the AI to go after the OT systems, the AI found them and tried to break in on its own initiative.

While the attack failed this time, it did make the OT more visible to the attackers, which will make it more likely for them to attempt to break it.

But what happens next month? The days of hope as a strategy are over. Unless you want to be a victim. Contact us if you need assistance.

Credit: Security Week