Content written for

Small & medium business
Large organisations & infrastructure

This Alert is relevant to Australians who use Unitronics PLCs in their environments which may not have applied appropriate cybersecurity practices and have the devices exposed to the internet.

Background / What has happened?

Mitigation / How do I stay secure?

These mitigations apply to all internet-facing PLCs, not just Unitronics.

Immediate steps to prevent attack:

  • Change all default passwords on PLCs and HMIs and use a strong password. Ensure the Unitronics PLC default password is not in use.
  • Disconnect the PLC from the public-facing internet or filter access to known internet endpoints that require access.

Follow-on steps to strengthen your security posture:

  • Implement multifactor authentication for access to the operational technology (OT) network whenever applicable.
  • If you require remote access, implement a firewall and/or virtual private network (VPN) in front of the PLC to control network access. A VPN or gateway device can enable multifactor authentication for remote access even if the PLC does not support multifactor authentication.
  • Create strong backups of the logic and configurations of PLCs to enable fast recovery. Familiarise yourself with factory resets and backup deployment as preparation in the event of ransomware activity.
  • Keep your Unitronics and other PLC devices updated with the latest versions by the manufacturer.
  • Confirm third-party vendors are applying the above-recommended countermeasures to mitigate exposure of these devices and all installed equipment.

Assistance / Where can I go for help?

Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).

Was this information helpful?

Thanks for your feedback!


Tell us why this information was helpful and we’ll work on making more pages like it