In the previous eight months, hackers have targeted three US water treatment facilities with ransomware, according to officials from the Cybersecurity and Infrastructure Security Agency (Cisa).
The alert, titled “Ongoing Cyber Threats to US Water and Wastewater Systems,” was issued as a result of analyses conducted in collaboration with the Federal Bureau of Investigation, the Environmental Protection Agency, and the National Security Agency, and was intended to “highlight ongoing malicious cyber activity — by both known and unknown actors — targeting the information technology… and operational technology… networks, systems, and devices of US Water and Wastewater… networks, systems, and devices,” according to Cisa.
“This activity — which includes attempts to compromise system integrity via unauthorized access — threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities,” Cisa said.
Malicious actors have been using “spearphishing,” a technique that involves using forged emails to persuade facility personnel to click on malicious links or run malicious code, allowing hackers access to protected systems, as well as exploiting vulnerabilities in older computer operating systems that have not been patched with up-to-date security fixes, according to the bulletin.
The report’s most recent ransomware incident targeted a California-based water treatment plant in August 2021, and was detected after three systems began flashing ransomware threats.
A month prior, ransomware was used to attack a Maine water treatment facility, causing the facility’s machinery to be operated manually until the servers could be restored.
In March 2021, hackers targeted the servers of a Nevada water treatment facility, but were unable to acquire control of any treatment equipment due to the facility’s lack of automation.
The Cisa warning comes just days after Vice President Joe Biden hosted a multi-day summit with 30 countries to launch off a “counter-ransomware initiative.”
White House National Security Adviser Jake Sullivan said President Joe Biden has prioritized fighting ransomware with a number of administration initiatives, including a Department of Justice task force that targets ransomware gangs and the administration’s Industrial Control System Cybersecurity Initiative, which has helped improve security at utilities serving more than 90 million residential customers, in remarks to the initiative’s opening session.
“US Government agencies are pursuing an integrated effort to disrupt the ransomware ecosystem,” Mr Sullivan said. “We recognize the urgency of the ransomware threat, the need to protect our citizens and businesses from it, and the criticality of international cooperation to counter it”.