CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.

“This activity—which includes attempts to compromise system integrity via unauthorized access—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” CISA, along with the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA), said in a joint bulletin.

Citing spear-phishing, outdated operating systems and software, and control system devices running vulnerable firmware versions as the primary intrusion vectors, the agencies singled out five different cyber attacks from 2019 to early 2021 targeting the WWS Sector:

  • A former employee at a Kansas-based WWS facility unsuccessfully attempted to remotely access a facility computer in March 2019 using credentials that hadn’t been revoked
  • Compromise of information and potential Makop ransomware observed at a New Jersey-based WWS facility in September 2020
  • An unknown ransomware variant deployed against a Nevada-based WWS facility in March 2021
  • Introduction of ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer in July 2021
  • A Ghost variant ransomware attack against a California-based WWS facility in August 2021

The advisory is notable in the wake of a February 2021 attack at a water treatment facility in Oldsmar where an intruder broke into a computer system and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water supply, before it was spotted by a plant operator, who quickly took steps to reverse the remotely issued command.

In addition to requiring multi-factor authentication for all remote access to the operational technology (OT) network, the agencies have urged WWS facilities to limit remote access to only relevant users, implement network segmentation between IT and OT networks to prevent lateral movement, and incorporate abilities to failover to alternate control systems in the event of an attack.
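
An added example (not from the advisory or the original article): one way a facility could audit accounts with remote access to the OT network against the recommendations above and against the unrevoked-credential problem seen in the Kansas incident. The account export, HR roster, field names, allow-list and audit date are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the advisory): an export of accounts that
# can reach the OT network remotely, and an HR roster with departure dates.
ACCOUNTS_CSV = """username,enabled,mfa_enrolled,ot_remote_access
jalvarez,true,true,true
bchen,true,false,true
kowens,true,true,true
mpatel,false,true,true
svc_historian,true,false,true
"""
HR_ROSTER = {  # username -> last working day, None while still employed
    "jalvarez": None,
    "bchen": None,
    "kowens": date(2019, 1, 15),
    "mpatel": date(2020, 6, 30),
}
APPROVED_OT_REMOTE_USERS = {"jalvarez", "kowens"}  # hypothetical allow-list


def audit_ot_remote_access(accounts_csv, roster, approved, today):
    """Return {username: [findings]} for enabled accounts with OT remote access."""
    findings = {}
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        user = row["username"]
        if row["enabled"] != "true" or row["ot_remote_access"] != "true":
            continue  # disabled, or no remote path into OT: out of scope
        issues = []
        if user not in roster:
            issues.append("no HR record (orphaned or shared account)")
        else:
            left = roster[user]
            if left is not None and left <= today:
                issues.append(f"owner left on {left.isoformat()}, credentials not revoked")
        if row["mfa_enrolled"] != "true":
            issues.append("no multi-factor authentication")
        if user not in approved:
            issues.append("not on the approved OT remote-access list")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    today = date(2021, 10, 14)  # constructed audit date
    for user, issues in audit_ot_remote_access(ACCOUNTS_CSV, HR_ROSTER, APPROVED_OT_REMOTE_USERS, today).items():
        print(f"{user}: " + "; ".join(issues))
```

Each finding maps to one recommendation: revoke credentials when staff leave, require multi-factor authentication, and limit remote access to relevant users.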
