CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)
on Thursday warned of continued ransomware attacks aimed at
disrupting water and wastewater facilities (WWS), highlighting five
incidents that occurred between March 2019 and August 2021.

“This activity—which includes attempts to compromise system
integrity via unauthorized access—threatens the ability of WWS
facilities to provide clean, potable water to, and effectively
manage the wastewater of, their communities,” CISA, along with the
Federal Bureau of Investigation (FBI), the Environmental Protection
Agency (EPA), and the National Security Agency (NSA), said[1]
in a joint bulletin.

Citing spear-phishing, outdated operating systems and software,
and control system devices running vulnerable firmware versions as
the primary intrusion vectors, the agencies singled out five
different cyber attacks from 2019 to early 2021 targeting the WWS
Sector —

  • A former employee at a Kansas-based WWS facility unsuccessfully
    attempted to remotely access a facility computer in March 2019
    using credentials that hadn’t been revoked
  • Compromise of files and potential Makop ransomware observed at
    a New Jersey-based WWS facility in September 2020
  • An unknown ransomware variant deployed against a Nevada-based
    WWS facility in March 2021
  • Introduction of ZuCaNo ransomware onto a Maine-based WWS facility’s
    wastewater SCADA computer in July 2021
  • A Ghost variant ransomware attack against a California-based
    WWS facility in August 2021

The advisory is notable in the wake of a February 2021 attack[2]
at a water treatment facility in Oldsmar where an intruder broke
into a computer system and remotely changed a setting that
drastically altered the levels of sodium hydroxide (NaOH) in the
water supply, before it was spotted by a plant operator, who
quickly took steps to reverse the remotely issued command.

In addition to requiring multi-factor authentication for all
remote access to the operational technology (OT) network, the
agencies have urged WWS facilities to limit remote access to only
relevant users, implement network segmentation between IT and OT
networks to prevent lateral movement, and build in the ability to
fail over to alternate control systems in the event of an
attack.

References

  1. ^ said (us-cert.cisa.gov)
  2. ^ February 2021 attack (thehackernews.com)