US Government Agencies Issue Joint Cybersecurity Advisory Updates Threats to U.S. Water and Wastewater Systems

  • Issue

    19 October 2021

  • Editor

    Joseph Agres

  • Editor in Chief

    Amery Smock

  • Date

    10/14/2021

  • Analysis

    Several US Government agencies issued a joint advisory highlighting malicious cyber activity targeting U.S. Water and Wastewater Sector (WWS) [1]. Common threat tactics identified in WWS facilities include: 1) spearfishing personnel to deliver malware or ransomware, 2) exploitation of unsupported or outdated operating systems and software, and 3) exploitation of outdated control system devices or firmware versions.

    The advisory reported that remote access to operational technology (OT) networks increased due to the COVID-19 pandemic, which has created additional access points for malicious actors. It also confirmed that ransomware was discovered on supervisory control and data acquisition (SCADA) systems at three different WWS facilities just this year.

    We recommend personnel in all 16 critical infrastructure sectors use this joint advisory to identify vulnerabilities within their networks and physical systems to adopt appropriate mitigations.

  • Sources

    [1] Joint Cybersecurity Advisory on Water and Wastewater Systems https://us-cert.cisa.gov/sites/default/files/publications/AA21-287A-Ongoing_Cyber_Threats_to_U.S._Water_and_Wastewater_Systems.pdf

  • Analyst

    Joseph Agres

Previous Page | Back to Home

Subscribe

Note: The email address you provide will be stored and used for the sole purpose of sending the Industrial Cybersecurity Current Intelligence Digest. It will not otherwise be shared, sold, or intentionally disclosed. You may unsubscribe at any time by following the unsubscribe link included in each email.