Government and U.S. intelligence agencies warn five states that ransomware hackers continue to target U.S. water supply facilities, posing a serious and terrifying threat for Americans.
What is Going On?
According to Cyberscoop.com, “A cybersecurity advisory published Thursday from the FBI, the Cybersecurity Infrastructure and Security Agency, the Environmental Protection Agency and the National Security Agency highlighted incidents in five states between March of 2019 and August 2021, where systems were targeted by either ransomware attacks or other hacks. In one case, a former employee of a Kansas-based facility tried to “threaten drinking water safety by using his user credentials…to remotely access a facility computer,” according to the alert.”
Other states where ransomware attacks have occurred targeting water supply or waste management facilities are California, Maine, Nevada, and New Jersey. In February, a hacker attempted to poison Florida’s water supply by increasing the amount of sodium hydroxide. Thankfully the attack was thwarted, and no one was injured. However, that same day another hacker tried to attack the same facility using a botnet. Another attack occurred in Kansas last year where a disgruntled employee tampered with systems at the local water processing plant.
The advisory published on Thursday warns of “ongoing malicious cyber activity — both by known and unknown actors.” The danger posed by these threats is far more dire than that of attacks on corporations, information technology, or even supply chain vendors. Therefore, water treatment plants must take immediate steps to protect citizens’ drinking water.
How Are These Attacks Executed?
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) mentioned that one of the most prominent ways ransomware attacks begin is through spear-phishing campaigns targeting personnel within a specific agency, hoping that the employee will click a link or enter login credentials allowing the bad actors in.
Another vulnerability CISA warns about is the exploitation of outdated operating systems, hardware, and software. These same hackers may exploit vulnerable hardware with flawed firmware as well. That is what occurred with the SolarWinds Orion supply chain attack that affected thousands and continues to have a ripple effect on many organizations and government agencies.
The alert posted by CISA noted that these facilities lean towards investing in physical infrastructure improvements rather than IT systems, where outdated software and unsupported firmware leave the door open for hackers.
What Can Water Treatment Plants Do to Stay Safe?
CISA strongly recommends that these facilities modify their investment strategy to fortify their networks and digital systems, along with hardware and software, to keep remote attackers out. The agency also cites poor password security as the number one reason that attackers are successful.
The second most prominent problem is outdated software and operating systems. Upgrades are necessary to keep out threat actors. Some other tips to stay safe are:
- Institute strong password policies and access control for all systems.
- Adopt a zero-trust policy for all hardware and devices on-site.
- Invest in top-notch antivirus software and run it on all networked devices.
- Hire forensic IT professionals to audit the system and plug any holes thoroughly.
- Monitor networked systems 24/7.
- Implement a thorough educational plan for employees to instruct them about phishing emails, social engineering tactics, and other entry points and provide ironclad solutions for a safe response.
- Keep good backups off-site in case of ransomware attacks.
- Never click links in email or download attachments.
- Always verify the sender of any email before filling out forms.
- Never share credentials with anyone online who requests them.
- Use common sense and act on the side of being offensive rather than defensive.