US Government Agencies Issue Joint Cybersecurity Advisory Updates Threats to U.S. Water and Wastewater Systems
Issue
19 October 2021
Editor
Joseph Agres
Editor in Chief
Amery Smock
Date
10/14/2021
-
Analysis
Several US Government agencies issued a joint advisory highlighting malicious cyber activity targeting U.S. Water and Wastewater Sector (WWS) [1]. Common threat tactics identified in WWS facilities include: 1) spearfishing personnel to deliver malware or ransomware, 2) exploitation of unsupported or outdated operating systems and software, and 3) exploitation of outdated control system devices or firmware versions.
The advisory reported that remote access to operational technology (OT) networks increased due to the COVID-19 pandemic, which has created additional access points for malicious actors. It also confirmed that ransomware was discovered on supervisory control and data acquisition (SCADA) systems at three different WWS facilities just this year.
We recommend personnel in all 16 critical infrastructure sectors use this joint advisory to identify vulnerabilities within their networks and physical systems to adopt appropriate mitigations. -
Sources
[1] Joint Cybersecurity Advisory on Water and Wastewater Systems https://us-cert.cisa.gov/sites/default/files/publications/AA21-287A-Ongoing_Cyber_Threats_to_U.S._Water_and_Wastewater_Systems.pdf
Analyst