Security News > 2021 > October > CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems

CISA Issues Warning On Cyber Threats Targeting Water and Wastewater Systems
2021-10-15 07:10

The U.S. Cybersecurity Infrastructure and Security Agency on Thursday warned of continued ransomware attacks aimed at disrupting water and wastewater facilities, highlighting five incidents that occurred between March 2019 and August 2021.

"This activity-which includes attempts to compromise system integrity via unauthorized access-threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities," CISA, along with the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency, said in a joint bulletin.

Citing spear-phishing, outdated operating systems and software, and control system devices running vulnerable firmware versions as the primary intrusion vectors, the agencies singled out five different cyber attacks from 2019 to early 2021 targeting the WWS Sector -.

Introducing ZuCaNo ransomware onto a Maine-based WWS facility's wastewater SCADA computer in July 2021.

The advisory is notable in the wake of a February 2021 attack at a water treatment facility in Oldsmar where an intruder broke into a computer system and remotely changed a setting that drastically altered the levels of sodium hydroxide in the water supply, before it was spotted by a plant operator, who quickly took steps to reverse the remotely issued command.

In addition to requiring multi-factor authentication for all remote access to the operational technology network, the agencies have urged WWS facilities to limit remote access to only relevant users, implement network segmentation between IT and OT networks to prevent lateral movement, and incorporate abilities to failover to alternate control systems in the event of an attack.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/1_PDcihUT_E/cisa-issues-warning-on-cyber-threats.html