US Government Warns of Insider and Ransomware Threat to Water Plants
The US authorities have issued an alert warning of ongoing malicious cyber-activity targeting the country’s water and wastewater systems (WWS) sector.
The alert highlighted multiple tactics, techniques and procedures (TTPs) being used by a range of actors in an attempt to compromise IT and OT systems.
These include spear-phishing, exploitation of insecure RDP, targeting of unsupported or outdated operating systems and software, and exploitation of control system devices with vulnerable firmware.
The alert was issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the National Security Agency (NSA).
It refers to multiple incidents over the past two years – mainly ransomware attacks, including a September 2020 attack on a New Jersey-based WWS facility, a March 2021 compromise at a Nevadan plant, and an August 2021 attack on a Californian WWS site.
Also mentioned is a notorious 2019 incident in which a former employee at a Kansas plant, intending to cause harm, was able to access and shut down some of the key processes used to disinfect water.
History repeated itself two years later when an actor gained unauthorized