In a new advisory, CISA has warned US water and wastewater system operators about an array of cyberthreats aimed at disrupting their operations. Cybersecurity company Dragos worked with CISA, the FBI, the NSA and the EPA to outline cyberthreats targeting the information and operational technology underpinning the networks, systems and devices of US water and wastewater facilities.
The warning also outlines a series of attacks that have happened this year, some of which were never reported previously.
CISA noted that the advisory was not an indication of the potential for increased attacks targeting this particular sector but was simply an effort to help water facility operators protect their systems.
The notice lists spearphishing as one of the most prevalent methods used by cybercriminals and nation-states to gain access to water systems, explaining that it is often deployed to deliver malicious payloads, including ransomware. CISA added that because IT and OT systems are often integrated together, access to one gives attackers access to the other.
CISA also mentioned exploitation of internet-connected services like RDPs as another tool used to attack water systems. With COVID-19, many water system operators use RDPs and other tools to access the systems remotely, leaving them vulnerable to outdated operating systems