CISA warned of continued ransomware attacks aimed at disrupting water and wastewater facilities (WWS), highlighting five incidents that occurred between March 2019 and August 2021.

Activities cited with attempts to compromise system integrity via unauthorized access threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. CISA, along with the FBI, EPA,NSA,  said in a joint bulletin.

Citing spear-phishing, outdated operating systems and software, and control system devices running vulnerable firmware versions as the primary intrusion vectors, the agencies singled out five different cyber attacks targeting the WWS Sector

  • A former employee at Kansas-based WWS facility unsuccessfully attempted to remotely access a facility computer in March 2019 using credentials that hadn’t been revoked
  • Compromise of files and potential Makop ransomware observed at a New Jersey-based WWS facility in September 2020
  • An unknown ransomware variant deployed against a Nevada-based WWS facility in March 2021
  • ZuCaNo ransomware onto a Maine-based WWS facility’s wastewater SCADA computer in July 2021
  • A Ghost variant ransomware attack against a California-based WWS facility in August 2021

The advisory in the wake of a February 2021 attack at a water treatment facility in Oldsmar where an intruder broke into a computer system and remotely changed a setting that drastically altered the levels of sodium hydroxide (NaOH) in the water supply, before it was spotted by a plant operator, who quickly took steps to reverse the remotely issued command.

As a Security measures implementing MFA remains a key along with network segmentation to prevent lateral movements. Isolation of OT from IT and internet systems a important guideline and patching the systems regularly and implementing OS hardening guidelines keeps away the threat actors away from the system.