US Joint Advisory outlines threats to water and wastewater treatment facilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday published a joint advisory warning of "ongoing malicious activity—by both known and unknown actors" directed against water and wastewater (WWS) treatment facilities. It emphasizes the threat of spearphishing as well as exploitation of outdated operating systems and vulnerable control system firmware. CISA cited the following incidents that have occurred since 2019:
- "In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message.
- "In July 2021, cyber actors used remote access to introduce ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer. The treatment system was run manually until the SCADA computer was restored using local control and more frequent operator rounds.
- "In March 2021, cyber actors used an unknown ransomware variant against a Nevada-based WWS facility. The ransomware affected the victim’s SCADA system and backup systems. The SCADA system provides visibility and monitoring but is not a full industrial control system (ICS).
- "In September 2020, personnel at a New Jersey-based WWS facility discovered potential Makop ransomware had compromised files within their system.
- "In March 2019, a former employee at a Kansas-based WWS facility unsuccessfully attempted to threaten drinking water safety by using his user credentials, which had not been revoked at the time of his resignation, to remotely access a facility computer."