[TheRecord] US govt reveals three more ransomware attacks on water treatment plants this year

Ransomware gangs have silently hit three US water and wastewater treatment facilities in 2021, the US government said in a joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA.

The attacks, which had been previously unreported, took place in March, July, and August and hit facilities in Nevada, Maine, and California, respectively.

The attacks led to the threat actors encrypting files, and in one case, even corrupting a computer used to control the SCADA industrial equipment deployed inside the treatment plant.

The three new incidents [see below] were listed as examples of what could happen when water treatment facilities ignore and fail to secure their computer networks.

In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS [water and wastewater system] facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.

In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.

In March 2021, cyber actors used an unknown ransomware variant against a Nevada-based WWS facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).

Two other examples from previous years were also included in the joint advisory:

In September 2020, personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.

In March 2019, a former employee at Kansas-based WWS facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer [see media coverage].

Three other incidents that hit water treatment facilities were widely reported but were not included in the joint advisory:

In January 2021, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area [see media coverage].

In February 2021, a hacker tried to alter chemical levels at the WWS facility in Oldsmar, Florida. The intrusion was detected right away, and the hacker’s modifications were reversed [see media coverage].

In May 2021, hackers breached the network of the Belle Vernon Municipal Authority in Pennsylvania [see media coverage].

The four US government agencies said that the joint advisory published today does not show an uptick in cyber activity targeting US water systems.

Instead, they said that while attacks on other sectors are more common, any malicious activity targeting the US water system “threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” hence a reason to be proactive in making sure the security posture of these facilities is up to par with the role they play.

“CISA, FBI, EPA, and NSA strongly urge organizations to implement the measures described in the Recommended Mitigations section of this advisory,” the four agencies said.

The post US govt reveals three more ransomware attacks on water treatment plants this year appeared first on The Record by Recorded Future.
