Employee PC hacked via TeamViewer in attempted water supply poisoning

The alert revealed that three industrial control systems (ICS) at water facilities in the US had been impacted by ransomware attacks in the past two years.

“The ransomware variant had been in the system for about a month and was discovered when three supervisory control and data acquisition (SCADA) servers displayed a ransomware message,” the agencies noted in the alert.

WWS Facilities Under Threat

According to the alert from the FBI, CISA, EPA, and NSA, the WWS sector is currently on the radar of cybercriminals. Threat actors can launch phishing campaigns and target outdated software to exploit control systems.

The agencies claim that they are aware of the emerging threat against water facilities’ OT and IT networks. The agencies revealed that threat actors are explicitly targeting critical infrastructure sectors; however, this doesn’t mean that the threat is restricted to the WWS sector only.

The Executive Assistant Director for Cybersecurity, Eric Goldstein, stated that the recent ransomware incidents make cybersecurity a top priority for critical infrastructure owners and operators.

“While vulnerabilities within the Water Sector are comparable to vulnerabilities observed across many other sectors, the criticality of water and wastewater infrastructure and recent intrusions impacting the sector reflect the need for continued focus and investment,” Goldstein said.

Potable Water Facilities The Prime Target

The advisory noted that malicious actors targeting WWS facilities might launch ransomware attacks that affect potable water generating facilities by gaining control of wastewater processes.

Since these facilities are part of the sixteen US critical infrastructure sectors, spearphishing or other kinds of attacks that cause their compromise or incapacitation would directly impact national and economic security and jeopardize public health and safety.

Multiple Malware Strains Discovered

The agencies further revealed that they had identified multiple ransomware strains used against the WWS sector in the incidents. The threat actors are trying to encrypt water treatment facilities’ systems using Ghost, a ransomware variant used in August 2021 against a WWS facility in California.

The ransomware variant persisted in the system for a month. Authorities later discovered it in three supervisory control and data acquisition (SCADA) servers that displayed a ransomware message.

In September 2021, threat actors used the Makop ransomware variant against a New Jersey-based WWS facility. In March 2021, a Nevada-based WWS facility was also targeted with an unknown malware strain that affected the SCADA system.

Moreover, a ransomware strain called ZuCaNo was launched against a Maine-based WWS facility’s SCADA wastewater computer in July 2021, and the system had to be run manually until the computer was restored.

Posted by Charlie