A report issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) describes three new cyberattacks against water treatment plants in the United States.
The plants, located in California, Maine and Nevada, were hit by ransomware that encrypted their critical systems by compromising a tool used to control industrial SCADA equipment.
The first attack, detected in March, involved an unidentified ransomware variant used against water treatment facilities in Nevada. In this incident, critical plant systems and even backup systems were infected, causing severe disruption to the affected systems.
Subsequently, threat actors used the Ghost ransomware to infect the California-based facility. The hackers gained an initial compromise and left the malware dormant on the network for almost a month, waiting for the best time to attack.
Finally, just a couple of months later, a hacking group used remote access to infect SCADA systems and compromise the Maine water treatment plant with the ZuCaNo ransomware.
Among the characteristics of these attacks, the agencies highlight:
- Use of phishing campaigns against water treatment plant employees to deliver ransomware payloads and remote access Trojans
- Abuse of services and applications exposed online
- Exploitation of vulnerabilities in industrial control systems
The exact extent of these incidents is still being determined, although experts mention that several disruptions in the operations of these water treatment plants have been confirmed.
In this regard, the agencies recommend that managers of affected water treatment plants adopt a new approach to safety, mainly by using risk-based analysis to determine the validity of their measures for preventing and responding to security incidents. “CISA, FBI and NSA urge organizations to implement the measures described in the Recommended Mitigations section of this notice,” notes the full report.