Four US wastewater plants hit by ransomware (Windows 7 one culprit…)

A sewage plant. Image credit: Patrick Federi, via

Four US water and wastewater systems (WWS) plants have been hit by ransomware in the past 13 months, a new advisory from CISA noted late Thursday (October 14), including one incident that crippled the victim’s SCADA system and backup systems — a reminder (lest the Colonial Pipeline shutdown hadn’t “reminded” policy makers and business leaders enough) that critical infrastructure remains vulnerable to cyberattacks.

Emphasising that the report “does not intend to indicate greater targeting of the WWS Sector versus others” and that the US’s WWS plants “commonly use outdated control system devices or firmware versions, which expose WWS networks to publicly accessible and remotely executable vulnerabilities”, CISA pointed to five recent incidents, including four ransomware attacks and one incident involving a disgruntled former employee.

Wastewater ransomware attacks: The incidents

A key priority for all plant operators (given the need for increased use of remote ops in the wake of the pandemic) is to properly assess and mitigate the risk posed by enhanced remote access, CISA notes, listing some common threat vectors like exposed RDP, unpatched software etc. and emphasising the need for multi-factor authentication “for all remote access to the OT network, including from the IT network and external networks.”

While cybersecurity professionals and agencies like CISA may get tired of repeating the same messages ad nauseam, for many organisations, IT remains something of an afterthought and IT “teams” (where they exist: sometimes it’s a one-person show; a dedicated cybersecurity specialist is even more of a rarity) are often stretched thin and among the first parts of a company to be cut when times are tight.

CISA’s TTPs on the wastewater ransomware attacks and mitigations can be seen here.
