US Government Warns of Insider and Ransomware Threat to Water Plants

The US authorities have issued an alert warning of ongoing malicious cyber-activity targeting the country’s water and wastewater systems (WWS) sector.

The alert highlighted multiple tactics, techniques and procedures (TTPs) being used by a range of actors in an attempt to compromise IT and OT systems.

These include spear-phishing, exploitation of insecure RDP, targeting of unsupported or outdated operating systems and software, and exploitation of control system devices with vulnerable firmware.

The alert was issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA).

It refers to multiple incidents over the past two years – mainly ransomware attacks, including a September 2020 attack on a New Jersey-based WWS facility, a March 2021 compromise at a Nevadan plant, and an August 2021 attack on a Californian WWS site.

Also mentioned is a notorious 2019 incident in which a former employee at a Kansas plant was able to access and shut down some of the key processes used to disinfect water with the intention of causing harm.

History repeated itself two years later when an actor gained unauthorized access to the IT network of a facility in Oldsmar, Florida, and tried to change the water supply’s chemical balance. It was subsequently revealed that it had left a critical SCADA system hooked up to a remote access tool, for which the password was never changed. The same credential was also reused across the facility.

However, the agencies were at pains to point out that the alert does not mean the WWS sector is being targeted more than other industries – merely that plant owners should be aware of ongoing cyber-risk to their operations.

“This activity – which includes attempts to compromise system integrity via unauthorized access – threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” it noted.

What’s Hot on Infosecurity Magazine?