U.S. Water Supply at Risk from Hackers

  • By Dawna M. Roberts
  • Oct 28, 2021

 Government and U.S. intelligence agencies warn five states that ransomware hackers continue to target U.S. water supply facilities, posing a serious and terrifying threat for Americans.

What is Going On?

According to Cyberscoop.com, “A cybersecurity advisory published Thursday from the FBI, the Cybersecurity Infrastructure and Security Agency, the Environmental Protection Agency and the National Security Agency highlighted incidents in five states between March of 2019 and August 2021, where systems were targeted by either ransomware attacks or other hacks. In one case, a former employee of a Kansas-based facility tried to ‘threaten drinking water safety by using his user credentials…to remotely access a facility computer,’ according to the alert.”

Other states where ransomware attacks have occurred targeting water supply or waste management facilities are California, Maine, Nevada, and New Jersey. In February, a hacker attempted to poison Florida’s water supply by increasing the amount of sodium hydroxide. Thankfully the attack was thwarted, and no one was injured. However, that same day another hacker tried to attack the same facility using a botnet. Another attack occurred in Kansas last year where a disgruntled employee tampered with systems at the local water processing plant. 

The advisory published on Thursday warns of “ongoing malicious cyber activity — both by known and unknown actors.” The danger these threats pose is far greater than that of attacks on corporations, information technology, or even supply chain vendors. Therefore, water treatment plants must take immediate steps to protect citizens’ drinking water.

How Are These Attacks Executed?

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) mentioned that one of the most prominent ways ransomware attacks begin is through spear-phishing campaigns targeting personnel within a specific agency, hoping that the employee will click a link or enter login credentials allowing the bad actors in. 

Another vulnerability CISA warns about is the exploitation of outdated operating systems, hardware, and software. These same hackers may exploit vulnerable hardware with flawed firmware as well. That is what occurred with the SolarWinds Orion supply chain attack that affected thousands and continues to have a ripple effect on many organizations and government agencies. 

The alert posted by CISA noted that these facilities lean towards investing in physical infrastructure improvements rather than IT systems, where outdated software and unsupported firmware leave the door open for hackers.

What Can Water Treatment Plants Do to Stay Safe?

CISA strongly recommends that these facilities modify their investment strategy to fortify their networks, digital systems, hardware, and software to keep remote attackers out. The agency also cites poor password security as the number one reason that attackers are successful.

The second most prominent problem is outdated software and operating systems. Upgrades are necessary to keep out threat actors. Some other tips to stay safe are:
  • Institute strong password policies and access control for all systems.
  • Adopt a zero-trust policy for all hardware and devices on-site.
  • Invest in top-notch antivirus software and run it on all networked devices.
  • Hire forensic IT professionals to audit the system and plug any holes thoroughly.
  • Monitor networked systems 24/7.
  • Implement a thorough educational plan for employees to instruct them about phishing emails, social engineering tactics, and other entry points and provide ironclad solutions for a safe response. 
  • Keep good backups off-site in case of ransomware attacks.
  • Never click links in email or download attachments.
  • Always verify the sender of any email before filling out forms.
  • Never share credentials with anyone online who requests them. 
  • Use common sense and err on the side of being offensive rather than defensive.
