Hackers have infiltrated water treatment systems 5 times during 2021; ransomware attacks intended to kill millions of people

A report issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) describes three newly detected cyberattacks against water treatment plants in the United States.

Based in California, Maine and Nevada, the plants were targeted by ransomware infections that encrypted their critical systems by compromising a tool used to control industrial SCADA equipment.

The first attack, detected in March, involved an unidentified ransomware variant used against water treatment facilities in Nevada. In this incident, critical plant systems and even backup systems were infected, causing severe disruption to the affected systems.

Subsequently, threat actors employed the Ghost ransomware to infect the California-based facility. The hackers gained initial access and left the malware dormant on the network for almost a month, waiting for the best time to attack.

Finally, just a couple of months later, a hacking group used remote access to infect SCADA systems at the Maine water treatment plant with the ZuCaNo ransomware.

Among the characteristics of these attacks, the agencies highlight:

  • Use of phishing campaigns against water treatment plant employees to deliver ransomware payloads and remote access Trojans
  • Abuse of services and applications exposed online
  • Exploitation of vulnerabilities in industrial control systems

The exact extent of these incidents is still being determined, although experts mention that several disruptions in the operations of these water treatment plants have been confirmed.

In this regard, the aforementioned agencies recommend that managers of affected water treatment plants adopt a new approach to security, mainly by using risk-based analysis to assess the validity of their measures for preventing and responding to security incidents. “CISA, FBI and NSA urge organizations to implement the measures described in the Recommended Mitigations section of this notice,” notes the full report.
